ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting

...:::::ManageEngine Firewall Analyzer Directory Traversal/XSS Vulnerabilities::::.... Sobhan System Network & Security Group sobhansys ------------------------------------------------------- Date: 2015-01-28 Exploit Author: AmirHadi Yazdani Sobhansys Co Vendor Homepage:...

CVE-2014-8917

Multiple cross-site scripting XSS vulnerabilities in 1 dojox/form/resources/uploader.swf aka upload.swf, 2 dojox/form/resources/fileuploader.swf aka fileupload.swf, 3 dojox/av/resources/audio.swf, and 4 dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1....

IBM API Management Information Disclosure Vulnerability (CNVD-2015-00567)

IBM API Management is IBM's complete solution to help organizations securely create, manage and connect application program interfaces APIs to extend their products and services to a variety of mobile channels. An information disclosure vulnerability exists in IF1, version 3.0 prior to IBM API...

Unspecified Vulnerability in Oracle Business Intelligence Enterprise Edition

Oracle Business Intelligence Enterprise Edition is a business intelligence suite enterprise edition. A security vulnerability exists in Oracle Business Intelligence Enterprise Edition Analytics Web General, which could be exploited by remote attackers to compromise system confidentiality...

CVE-2015-0399

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General...

CVE-2015-0399

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General...

CVE-2015-0399

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General...

Code injection

IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors...

CVE-2014-6172

IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors...

SA-CONTRIB-2014-120 - Piwik Web Analytics - Information disclosure

This module enables you to integrate Drupal with Piwik Web Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an accou...

SA-CONTRIB-2014-119 - Google Analytics - Information disclosure

This module enables you to integrate Drupal with Google Analytics. The module leaks the site specific hash salt to authenticated users when user-id tracking is turned on. This vulnerability is mitigated by the fact that user-id tracking must be turned on and the attacker needs to have an account ...

CVE-2014-8730

CVE-2014-8730 is listed in Brocade ASCG advisories as addressed by security updates; the connected document shows this CVE mapped to general remote services and notes fixes are provided via ASCG updates (e.g., 3.3.0/3.3.0a). The initial description describes a POODLE-style padding issue in SSL/TL...

Avoiding Data Breaches: Context Aware Behavioral Analytics

RESTON, VA – Security, it turns out, is all about layers, where if one layer fails, there are secondary and tertiary and a long line of backup defenses. This is neither new nor revolutionary. It’s why castles had moats, drawbridges and parapets; it’s also why prisons have cells, walls and gates...

CVE-2014-9174

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

Cross site scripting

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

CVE-2014-9174

Cross-site scripting XSS vulnerability in the Google Analytics by Yoast google-analytics-for-wordpress plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" manualuacodefield field in the General Settings...

CVE-2014-9174

The CVE-2014-9174 entry corresponds to a Cross-site scripting (XSS) vulnerability in the WordPress plugin Google Analytics by Yoast (google-analytics-for-wordpress) prior to version 5.1.3. The issue arises from unsafely handling the value entered in the General Settings field “Manually enter your...

WordPress Google Analytics Plugin <= 5.1.2 - XSS

Because of this vulnerability, the attackers can inject arbitrary web script or HTML via the "Manually enter your UA code" field in the General Settings. Solution Update the plugin...

Open Web Analytics 1.5.6 PHP Object Injection Vulnerability

Exploit for php platform in category web applications Open Web Analytics setSetting'base', 'isremoteeventqueue', true; $owa-e-debug$POST; $rawevent = owacoreAPI::getRequestParam'event'; if $rawevent $dispatch = owacoreAPI::getEventDispatch; $event = unserialize base64decode $rawevent ;...