Lucene search
K

98 matches found

Cvelist
Cvelist
added 2011/05/20 10:0 p.m.19 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

7.7AI score0.05321EPSS
Exploits0References4
CVE
CVE
added 2011/05/20 10:0 p.m.49 views

CVE-2011-2155

The CVE-2011-2155 entry concerns SmarterTools SmarterStats 6.0. The vulnerability arises in Login.aspx where a password form field (ctl00$MPH$txtPassword) is generated with autocomplete enabled, which can enable an attacker to bypass authentication when a workstation is left unattended. According...

7.5CVSS7.2AI score0.03913EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2011/05/20 10:0 p.m.60 views

CVE-2011-2152

The CVE-2011-2152 entry concerns SmarterTools SmarterStats 6.0 web server behavior: responses to GET requests with certain query strings (Client/frmViewReports.aspx or UserControls/Popups/frmHelp.aspx) generate pages containing external links, enabling cross-domain Referer leakage. This can allow...

5CVSS6.3AI score0.0264EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/05/20 10:0 p.m.43 views

CVE-2011-2157

CVE-2011-2157 affects SmarterTools SmarterStats 6.0 web server. The Admin/frmEmailReportSettings.aspx and Admin/frmGeneralSettings.aspx pages generate web pages that contain e-mail addresses, allowing remote attackers to read the default values of form fields and disclose potentially sensitive in...

5CVSS6.4AI score0.0264EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/05/20 10:0 p.m.47 views

CVE-2011-2153

CVE-2011-2153 affects SmarterTools SmarterStats 6.0 Web server. The vulnerability arises from Login.aspx accepting txtUser/txtPass in the query string, enabling context-dependent attackers to discover credentials by reading server access logs, Referer logs, or browser history (cross-domain Refere...

5CVSS6.7AI score0.02014EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2011/05/20 10:0 p.m.49 views

CVE-2011-2151

CVE-2011-2151 concerns SmarterTools SmarterStats 6.0 where several admin and login pages (Admin/frmEmailReportSettings.aspx, Admin/frmGeneralSettings.aspx, Admin/frmSite.aspx, Client/frmUser.aspx, Login.aspx) accept cleartext passwords. The root cause is transmission of credentials in cleartext o...

5CVSS6.3AI score0.02667EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.20 views

CVE-2011-2152

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...

6.1AI score0.0264EPSS
Exploits0References4
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.17 views

CVE-2011-2157

The 1 Admin/frmEmailReportSettings.aspx and 2 Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form...

6.2AI score0.0264EPSS
Exploits0References4
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.26 views

CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

6.1AI score0.02667EPSS
Exploits0References5
0day.today
0day.today
added 2011/03/12 12:0 a.m.28 views

SmarterStats 6.0 Multiple Vulnerabilities

Exploit for asp platform in category web applications Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL Injection, DoS Patch: The Vendor has released SmarterStats Version 6.2 at URI...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2011/03/11 12:0 a.m.33 views

SmarterStats 6.0 - Multiple Vulnerabilities

Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2011/03/11 12:0 a.m.20 views

SmarterStats 6.0 - Multiple Vulnerabilities

SmarterStats 6.0 - Multiple Vulnerabilities Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, Fi...

0.6AI score
Exploits0
NVD
NVD
added 2010/09/16 10:0 p.m.19 views

CVE-2010-3425

Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

4.3CVSS5.8AI score0.01482EPSS
Exploits5References4
Prion
Prion
added 2010/09/16 10:0 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

4.3CVSS6.3AI score0.01482EPSS
Exploits5References4Affected Software1
Cvelist
Cvelist
added 2010/09/16 9:0 p.m.33 views

CVE-2010-3425

Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...

5.8AI score0.01482EPSS
Exploits5References4
CVE
CVE
added 2010/09/16 9:0 p.m.64 views

CVE-2010-3425

CVE-2010-3425 is a cross-site scripting vulnerability in SmarterStats 5.3 (including 5.3.3819) where an attacker can inject arbitrary script or HTML through the url parameter in UserControls/Popups/frmHelp.aspx. The NVD entry scores impact as CVSSv2: 4.3 (Medium) with network attack vector and us...

4.3CVSS5.9AI score0.01482EPSS
Exploits5References4Affected Software1
exploitpack
exploitpack
added 2010/09/09 12:0 a.m.17 views

SmarterTools SmarterStats 5.3.3819 - frmHelp.aspx Cross-Site Scripting

SmarterTools SmarterStats 5.3.3819 - frmHelp.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/43110/info SmarterTools SmarterStats is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...

Exploits0
Exploit DB
Exploit DB
added 2010/09/09 12:0 a.m.13 views

SmarterTools SmarterStats 5.3.3819 - 'frmHelp.aspx' Cross-Site Scripting

source: https://www.securityfocus.com/bid/43110/info SmarterTools SmarterStats is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...

7.4AI score
Exploits0
Rows per page
Query Builder