187 matches found
StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websit...
Security Bulletin: IBM Tealeaf Customer Experience (CX) is affected by a vulnerability in OpenSSL (CVE-2014-0160)
Summary A security vulnerability has been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerability...
Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability
Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2014-2294
Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...
CVE-2014-2294
Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...
CVE-2014-2294
Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...
Open Web Analytics Heap Buffer Overflow Vulnerability
Open Web Analytics OWA is a PHP and MySQL based open source web traffic statistics software from the Open Web Analytics team. The software can be used to track and analyze the websites and applications visited by users, and can be used with WordPress, MediaWiki integration. Open Web Analytics OWA...
CVE-2014-1457
Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...
Cross site request forgery (csrf)
Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...
CVE-2014-1457
Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...
CVE-2014-1457
Open Web Analytics (OWA) before 1.5.6 is affected by CVE-2014-1457: it generates nonces for CSRF protection in a way that can be bypassed by knowledge of an OWA user name. Affects the OWA component responsible for CSRF defense; root cause is nonce generation not sufficiently random. Impact is par...
Gone Phishing For The Holidays
Written by Or Katz and Amiram Cohen Overview: While our team, Akamai's Enterprise Threat Protector Security Research Team, monitored internet traffic throughout the 2017 holiday season, we spotted a wide-spread phishing campaign targeting users through an advertising tactic. During the six week...
Oracle Web Analytics Unauthorized Operation Vulnerability
Oracle E-Business Suite E-Business Suite is Oracle's fully integrated suite of global business management software. web analytics is one of the components used to measure, collect, and analyze data on the Web. A security vulnerability exists in the Common Libraries subcomponent of the Web Analyti...
CVE-2017-10191
Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
CVE-2017-10191
Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
Code injection
Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
CVE-2017-10191
CVE-2017-10191 describes a vulnerability in Oracle E-Business Suite’s Web Analytics (Common Libraries). Affected versions: 12.1.1, 12.1.2, 12.1.3, 12.2.3–12.2.6. The flaw allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Analytics, with human interaction req...
CVE-2017-10191
Vulnerability in the Oracle Web Analytics component of Oracle E-Business Suite subcomponent: Common Libraries. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access v...
Multiple F5 BIG-IP Products Privilege Enhancement Vulnerability
F5 BIG-IP Analytics and others are products of F5 Corporation in the U.S. F5 BIG-IP Analytics is a suite of Web application performance analytics software. the APM is a suite of solutions that provide secure and unified access to business-critical applications and networks. and the LTM is a local...
Adobe Patches 13 Code Execution Vulnerabilities in Flash
Adobe patched 13 code execution vulnerabilities in Flash Player today as part of its regular patch update cycle. All of the flaws were rated the highest severity for Windows, macOS and Chrome. Adobe said that Flash version 24.0.0.194 and earlier are vulnerable and that users should update...