187 matches found

Github Security Blog
added 2022/03/19 12:1 a.m., 37 views

Improper Privilege Management in Open Web Analytics

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php instead of the intended "<?php sequence aren't handled by the PH...

CVSS 9.8, AI score 5.1, EPSS 0.99134
Exploits: 14, References: 6, Affected Software: 1
NVD
added 2022/03/18 4:15 p.m., 8 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php instead of the intended "<?php sequence aren't handled by the PH...

CVSS 9.8, EPSS 0.99134
Exploits: 14, References: 4
OSV
added 2022/03/18 4:15 p.m., 16 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php instead of the intended "<?php sequence aren't handled by the PH...

CVSS 9.8, AI score 9.6
Exploits: 0, References: 4
ATTACKERKB
added 2022/03/18 4:15 p.m., 7 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...

CVSS 9.8, AI score 7.3, EPSS 0.99134
Exploits: 14, References: 7
Prion
added 2022/03/18 4:15 p.m., 18 views

Design/Logic Flaw

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php instead of the intended "<?php sequence aren't handled by the PH...

CVSS 5, AI score 9.5, EPSS 0.99134
Exploits: 14, References: 4, Affected Software: 1
Cvelist
added 2022/03/18 12:0 a.m., 16 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php instead of the intended "<?php sequence aren't handled by the PH...

AI score 9.8, EPSS 0.99134
Exploits: 14, References: 4
Positive Technologies
added 2022/03/18 12:0 a.m., 6 views

PT-2022-16769

Name of the Vulnerable Software and Affected Versions: Open Web Analytics versions prior to 1.7.4. Description: The issue allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files...

CVSS 9.8, AI score 9.6, EPSS 0.99134
Exploits: 14, References: 21
CNNVD
added 2022/03/18 12:0 a.m., 2 views

Open Web Analytics Server Security Vulnerability

Open Web Analytics Server is an open source alternative for commercial web analytics tools such as Google Analytics. A security vulnerability exists in Open Web Analytics version 1.7.4, which stems from the use of php-generated files instead of the expected php sequences that are not processed by...

CVSS 9.8, AI score 8.2, EPSS 0.99134
Exploits: 14, References: 8
CVE
added 2022/03/18 12:0 a.m., 235 views

CVE-2022-24637

Open Web Analytics (OWA) 1.7.3 is vulnerable to unauthenticated remote code execution due to improper handling of PHP-generated cache files (files generated with '<?php instead of '

CVSS 9.8, AI score 9.4, EPSS 0.99134
Exploits: 14, References: 4, Affected Software: 1
NVD
added 2021/10/20 11:16 a.m., 21 views

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

CVSS 8.5, EPSS 0.01125
Exploits: 0, References: 1
OSV
added 2021/10/20 11:16 a.m., 4 views

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

CVSS 8.1, AI score 5.8, EPSS 0.01125
Exploits: 0, References: 1
Prion
added 2021/10/20 11:16 a.m., 13 views

Design/Logic Flaw

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

CVSS 8.5, AI score 8, EPSS 0.01125
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2021/10/20 10:49 a.m., 8 views

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

CVSS 8.1, AI score 6.9, EPSS 0.01125
Exploits: 0, References: 1
CVE
added 2021/10/20 10:49 a.m., 49 views

CVE-2021-2474

CVE-2021-2474 affects Oracle E-Business Suite Web Analytics (Admin), with affected versions 12.1.1–12.1.3. The vulnerability allows a low-privileged attacker with network access over HTTP to compromise data, enabling unauthorized creation, deletion or modification of Oracle Web Analytics data, or broader ac...

CVSS 8.5, AI score 7.6, EPSS 0.01125
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2021/10/20 10:49 a.m., 20 views

CVE-2021-2474

Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...

CVSS 8.1, AI score 7.8, EPSS 0.01125
Exploits: 0, References: 1
CNNVD
added 2021/10/19 12:0 a.m., 3 views

Oracle E-Business Suite Security Vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Web...

CVSS 8.5, AI score 8.1, EPSS 0.01125
Exploits: 0, References: 2
Check Point Advisories
added 2021/06/24 12:0 a.m., 2 views

Open Web Analytics SQL Injection (CVE-2014-1206)

An SQL Injection vulnerability exists in Open Web Analytics. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

CVSS 7.5, AI score 5.3, EPSS 0.02495
Exploits: 7
OpenVAS
added 2020/09/02 12:0 a.m., 18 views

Webtrekk Detection (HTTP)

HTTP based detection of Webtrekk. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113749";...

AI score 7.4
Exploits: 0, References: 1
Hacker One
added 2018/11/30 8:5 p.m., 51 views

Mail.ru: sql

SQL interface for web analytics was available at terrhq.ru subdomain...

AI score 2.1
Exploits: 0
The Hacker News
added 2018/11/08 11:13 a.m., 969 views

StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users

Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websit...

AI score 0.2
Exploits: 0