187 matches found
Improper Privilege Management in Open Web Analytics
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '...
Design/Logic Flaw
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
CVE-2022-24637
Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...
PT-2022-16769
Name of the Vulnerable Software and Affected Versions Open Web Analytics versions prior to 1.7.4 Description The issue allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files...
Open Web Analytics Server 安全漏洞
Open Web Analytics Server is an open source alternative for commercial web analytics tools such as Google Analytics. A security vulnerability exists in Open Web Analytics version 1.7.4, which stems from the use of php-generated files instead of the expected php sequences that are not processed by...
CVE-2022-24637
Open Web Analytics (OWA) 1.7.3 is vulnerable to unauthenticated remote code execution due to improper handling of PHP-generated cache files (files generated with '<?php instead of '
CVE-2021-2474
Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...
CVE-2021-2474
Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...
Design/Logic Flaw
Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...
CVE-2021-2474
Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...
CVE-2021-2474
CVE-2021-2474 affects Oracle E-Business Suite Web Analytics (Admin) with affected 12.1.1–12.1.3. The vulnerability allows a low-privileged, network-accessing attacker over HTTP to compromise data, enabling unauthorized creation, deletion or modification of Oracle Web Analytics data, or broader ac...
CVE-2021-2474
Vulnerability in the Oracle Web Analytics product of Oracle E-Business Suite component: Admin. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Analytics. Successful attack...
Oracle E-Business Suite 安全漏洞
Oracle E-Business Suite E-Business Suite is a set of fully integrated global business management software from Oracle Oracle. The software provides customer relationship management, service management, financial management, and other functions. A security vulnerability exists in the Oracle Web...
Open Web Analytics SQL Injection (CVE-2014-1206)
An SQL Injection vulnerability exists in Open Web Analytics. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Webtrekk Detection (HTTP)
HTTP based detection of Webtrekk. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113749";...
Mail.ru: sql
SQL interface for web analytics was available at terrhq.ru subdomain...
StatCounter Analytics Code Hijacked to Steal Bitcoins from Cryptocurrency Users
Late last week an unknown hacker or a group of hackers successfully targeted a cryptocurrency exchange with an aim to steal Bitcoins by compromising the web analytics service it was using. ESET malware researcher Matthieu Faou this weekend spotted malicious JavaScript code on up to 700,000 websit...