CVE-2013-7408

Summary of CVE-2013-7408 (F5 BIG-IP Analytics): 11.x before 11.4.0 uses a predictable analytics session cookie, allowing remote attackers to guess the cookie value with unspecified impact. The vulnerability affects BIG-IP Analytics across multiple sources, with evidence in Red Hat and F5 advisory...

F5 Networks BIG-IP : iControl vulnerability (K15220)

The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1, BIG-IP Analytics 11.0.0 through 11.5.1, BIG-IP Edge Gateway, WebAccelerator, WOM 11.0.0 through 11.3.0, Enterprise Manager...

Woopra - Remote Code Execution

The Woopra Analytics Plugin WordPress plugin was affected by a Remote Code Execution security vulnerability...

CVE-2014-2928

CVE-2014-2928 (F5 iControl remote command execution) affects F5 BIG-IP products that expose the iControl API (LTM, APM, ASM, GTM, Link Controller, PSM, AAM, AFM, PEM, Analytics, Edge Gateway, WebAccelerator, WOM, Enterprise Manager, BIG-IQ variants). The vulnerability arises from insufficient val...

CVE-2013-5374: IBM PureData System for Analytics file manipulation

IBM’s advisory confirms CVE-2013-5374 affects all Netezza Performance Server versions before 7.1.0.1 in the IBM PureData System for Analytics. The issue allows reading and modifying local files via unknown vectors, with exploitation requiring authentication and specific permissions. Impact includ...

CVE-2012-3000

Summary: CVE-2012-3000 is an SQL injection vulnerability affecting multiple BIG-IP components (APM WebGUI, AVR WebGUI, and related WebGUIs) on BIG-IP LTM, GTM, ASM, Link Controller, PSM, Edge Gateway, Analytics, WebAccelerator, and WOM up to 11.2.x with specific HF3 fixes. Affected path/trigger: ...

CVE-2013-6016

The Traffic Management Microkernel TMM in F5 BIG-IP LTM, APM, ASM, Edge Gateway, GTM, Link Controller, and WOM 10.0.0 through 10.2.2 and 11.0.0; Analytics 11.0.0; PSM 9.4.0 through 9.4.8, 10.0.0 through 10.2.4, and 11.0.0 through 11.4.1; and WebAccelerator 9.4.0 through 9.4.8, 10.0.0 through...

Cisco Video Surveillance 4000 Series IP Camera Default Credential Vulnerability

A vulnerability in the analytics page of the Cisco Video Surveillance 4000 Series IP Camera could allow an unauthenticated, remote attacker to gain access to the analytics pages of a Cisco Video Surveillance 4000 Series IP Camera. The vulnerability is due to an undocumented user account with a...

Amazon 1Button App for Chrome, Firefox Leaks Private Data

Amazon 1Button, a browser add-on that provides users with easy access to the Amazon online marketplace, is leaking private information like a sieve, according to a security researcher. Krzysztof Kotowicz, a researcher specializing in Web security, said the app reports every URL to visit to...

SOL14334 - BIG-IP Analytics generates predictable session cookies

Recommended action To mitigate this vulnerability, you can use an iRule to encrypt the BIG-IP Analytics session cookie sent to the client. To do so, perform the following procedure: Impact of procedure: Performing the following procedure should not have a negative impact on your system. 1. Log in...

SA-CONTRIB-2012-167 - Mixpanel - Cross site scripting (XSS)

This module provides integration with the Mixpanel real-time analytics service. The module doesn't sufficiently escape the Mixpanel token when adding the tracking Javascript to the page. This vulnerability is mitigated by the fact that an attacker must have a role with the permission "access...

Backdoor in Piwik analytics software

A backdoor has been added to the web server analytics Piwik which allows attackers to take control of a system. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Google Enable SSL-based searches, Will impact Google Analytic !

Google Enable SSL-based searches, Will impact Google Analytic ! According to a blog post by Google, the company is taking steps towards making search more secure for its users. Users will be redirected to https:// instead of https:// when going to do a Google search. By forcing SSL on...

CVE-2011-3133

The CVE affects TIBCO Spotfire Server 3.0.x before 3.0.2, 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.1, and Spotfire Analytics Server before 10.1.1. It is a session-fixation vulnerability that allows remote attackers to hijack web sessions via unspecified vectors. Remediation pe...

This Week In Security: Privacy, RedPhone and Adobe

In case you needed any reminders that privacy is one of the more pressing problems on the Web right now, this week’s news provided plenty of them. Along with stories of Facebook’s continued privacy missteps, this week gave us the gift of Google letting users install some Google code to opt out of...

SQL 2005 English x64

...