Lucene search
K

187 matches found

The Hacker News
The Hacker News
added 2018/11/08 11:13 a.m.1 views

StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websit...

7.2AI score
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/16 7:36 p.m.51 views

Security Bulletin: IBM Tealeaf Customer Experience (CX) is affected by a vulnerability in OpenSSL (CVE-2014-0160)

Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...

7.5CVSS0.8AI score0.99999EPSS
Exploits87Affected Software1
OpenVAS
OpenVAS
added 2018/04/26 12:0 a.m.18 views

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.6AI score0.02808EPSS
Exploits2References5
NVD
NVD
added 2018/04/17 7:29 p.m.15 views

CVE-2014-2294

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

9.8CVSS9.4AI score0.02808EPSS
Exploits2References5
Cvelist
Cvelist
added 2018/04/17 7:0 p.m.25 views

CVE-2014-2294

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

9.5AI score0.02808EPSS
Exploits2References5
CVE
CVE
added 2018/04/17 7:0 p.m.48 views

CVE-2014-2294

Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...

9.8CVSS9.3AI score0.02808EPSS
Exploits2References5Affected Software1
CNVD
CNVD
added 2018/04/12 12:0 a.m.4 views

Open Web Analytics Heap Buffer Overflow Vulnerability

Open Web Analytics OWA is a PHP and MySQL based open source web traffic statistics software from the Open Web Analytics team. The software can be used to track and analyze the websites and applications visited by users, and can be used with WordPress, MediaWiki integration. Open Web Analytics OWA...

8.8CVSS7.7AI score0.01828EPSS
Exploits0References1
NVD
NVD
added 2018/03/20 9:29 p.m.17 views

CVE-2014-1457

Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...

8.8CVSS8.8AI score0.01171EPSS
Exploits1References4
Prion
Prion
added 2018/03/20 9:29 p.m.13 views

Cross site request forgery (csrf)

Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...

6.8CVSS7.3AI score0.01171EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2018/03/20 9:0 p.m.18 views

CVE-2014-1457

Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...

8.8AI score0.01171EPSS
Exploits1References4
CVE
CVE
added 2018/03/20 9:0 p.m.40 views

CVE-2014-1457

Open Web Analytics (OWA) before 1.5.6 is affected by CVE-2014-1457: it generates nonces for CSRF protection in a way that can be bypassed by knowledge of an OWA user name. Affects the OWA component responsible for CSRF defense; root cause is nonce generation not sufficiently random. Impact is par...

8.8CVSS8.6AI score0.01171EPSS
Exploits1References4Affected Software1
Akamai Blog
Akamai Blog
added 2018/01/19 6:33 a.m.22 views

Gone Phishing For The Holidays

Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week...

6.5AI score
Exploits0
CNVD
CNVD
added 2017/08/10 12:0 a.m.0 views

Oracle Web Analytics Unauthorized Operation Vulnerability

Oracle E-Business Suite E-Business Suite is Oracle's fully integrated suite of global business management software. web analytics is one of the components used to measure, collect, and analyze data on the Web. A security vulnerability exists in the Common Libraries subcomponent of the Web Analyti...

8.2CVSS8.3AI score0.01889EPSS
Exploits0References1
NVD
NVD
added 2017/08/08 3:29 p.m.14 views

CVE-2017-10191

Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

8.2CVSS7.6AI score0.01889EPSS
Exploits0References3
OSV
OSV
added 2017/08/08 3:29 p.m.2 views

CVE-2017-10191

Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

8.2CVSS7.3AI score0.01889EPSS
Exploits0References3
Prion
Prion
added 2017/08/08 3:29 p.m.10 views

Code injection

Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

5.8CVSS7.5AI score0.01889EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2017/08/08 3:0 p.m.44 views

CVE-2017-10191

CVE-2017-10191 describes a vulnerability in Oracle E-Business Suite’s Web Analytics (Common Libraries). Affected versions: 12.1.1, 12.1.2, 12.1.3, 12.2.3–12.2.6. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Analytics, with human interaction req...

8.2CVSS8.2AI score0.01889EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/08/08 3:0 p.m.17 views

CVE-2017-10191

Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...

8.3AI score0.01889EPSS
Exploits0References3
CNVD
CNVD
added 2017/03/02 12:0 a.m.4 views

Multiple F5 BIG-IP Products Privilege Enhancement Vulnerability

F5 BIG-IP Analytics and others are products of F5 Corporation in the U.S. F5 BIG-IP Analytics is a suite of Web application performance analytics software. the APM is a suite of solutions that provide secure and unified access to business-critical applications and networks. and the LTM is a local...

7.5CVSS7AI score0.01041EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2017/02/14 11:38 a.m.25 views

Adobe Patches 13 Code Execution Vulnerabilities in Flash

Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle. All of the flaws were rated the highest severity for Windows, macOS and Chrome. Adobe said that Flash version 24.0.0.194 and earlier are vulnerable and that users should update...

10CVSS0.4AI score0.09307EPSS
Exploits0References4
Rows per page
Query Builder