98 matches found
CVE-2011-2148
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...
CVE-2011-2155
The CVE-2011-2155 entry concerns SmarterTools SmarterStats 6.0. The vulnerability arises in Login.aspx where a password form field (ctl00$MPH$txtPassword) is generated with autocomplete enabled, which can enable an attacker to bypass authentication when a workstation is left unattended. According...
CVE-2011-2152
The CVE-2011-2152 entry concerns SmarterTools SmarterStats 6.0 web server behavior: responses to GET requests with certain query strings (Client/frmViewReports.aspx or UserControls/Popups/frmHelp.aspx) generate pages containing external links, enabling cross-domain Referer leakage. This can allow...
CVE-2011-2157
CVE-2011-2157 affects SmarterTools SmarterStats 6.0 web server. The Admin/frmEmailReportSettings.aspx and Admin/frmGeneralSettings.aspx pages generate web pages that contain e-mail addresses, allowing remote attackers to read the default values of form fields and disclose potentially sensitive in...
CVE-2011-2153
CVE-2011-2153 affects SmarterTools SmarterStats 6.0 Web server. The vulnerability arises from Login.aspx accepting txtUser/txtPass in the query string, enabling context-dependent attackers to discover credentials by reading server access logs, Referer logs, or browser history (cross-domain Refere...
CVE-2011-2151
CVE-2011-2151 concerns SmarterTools SmarterStats 6.0 where several admin and login pages (Admin/frmEmailReportSettings.aspx, Admin/frmGeneralSettings.aspx, Admin/frmSite.aspx, Client/frmUser.aspx, Login.aspx) accept cleartext passwords. The root cause is transmission of credentials in cleartext o...
CVE-2011-2152
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...
CVE-2011-2157
The 1 Admin/frmEmailReportSettings.aspx and 2 Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form...
CVE-2011-2154
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
SmarterStats 6.0 Multiple Vulnerabilities
Exploit for asp platform in category web applications Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL Injection, DoS Patch: The Vendor has released SmarterStats Version 6.2 at URI...
SmarterStats 6.0 - Multiple Vulnerabilities
Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload, OS Execution, XML Injection, SQL...
SmarterStats 6.0 - Multiple Vulnerabilities
SmarterStats 6.0 - Multiple Vulnerabilities Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, Fi...
CVE-2010-3425
Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2010-3425
Cross-site scripting XSS vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2010-3425
CVE-2010-3425 is a cross-site scripting vulnerability in SmarterStats 5.3 (including 5.3.3819) where an attacker can inject arbitrary script or HTML through the url parameter in UserControls/Popups/frmHelp.aspx. The NVD entry scores impact as CVSSv2: 4.3 (Medium) with network attack vector and us...
SmarterTools SmarterStats 5.3.3819 - frmHelp.aspx Cross-Site Scripting
SmarterTools SmarterStats 5.3.3819 - frmHelp.aspx Cross-Site Scripting source: https://www.securityfocus.com/bid/43110/info SmarterTools SmarterStats is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to...
SmarterTools SmarterStats 5.3.3819 - 'frmHelp.aspx' Cross-Site Scripting
source: https://www.securityfocus.com/bid/43110/info SmarterTools SmarterStats is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in...