Open Web Analytics 1.5.4 - (owa_email_address param) - SQL Injection Vulnerability
No description provided by source...
Yoast Google Analytics for WordPress Plugin 3.2.4 404 Error Page Cross Site Scripting Vulnerability
Source: http://www.securityfocus.com/bid/37209/info Yoast Google Analytics for WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary...
SpagoBI 4.0 - Persistent HTML Script Insertion
01. Advisory Information Title: Persistent HTML Script Insertion permits offsite-bound forms Date published: 2014-03-01 Date of last update: 2014-03-01 Vendors contacted: Engineering Group Discovered by: Christian Catalano Severity: Medium 02. Vulnerability...
Sonicwall Scrutinizer 9.5.2 - SQL Injection Vulnerability
Title: Sonicwall Scrutinizer v9.5.2 - SQL Injection Vulnerability Date: 2013-02-13 References: http://www.vulnerability-lab.com/getcontent.php?id=789 9984: Investigate Vulnerability Lab issues this ticket included tracking the creation o...
Piwik Open Flash Chart Remote Code Execution Vulnerability
Bugtraq ID: 37314 Class: Input Validation Error CVE: Remote: Yes Local: No Published: Dec 14 2009 12:00AM Updated: Dec 17 2009 06:03PM Credit: Braeden Thomas Vulnerable: Piwik Piwik 0.4.3 Piwik Piwik 0.4.2 Piwik Piwik 0.4.1 Piwik Piwik 0.4 Piwik Piwik 0.2.37 Piw...
Internet Explorer Developer Channel - Early Access to Next-Generation Features For Developers
In an effort to create a more open and accessible atmosphere between the Internet Explorer team and the Web development community, Microsoft today announced the launch of The Developer Channel for Internet Explorer. Internet Explorer Developer Channel is a fully-functioning browser designed to...
CVE-2014-0935
Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events...
Code injection
Unspecified vulnerability in IBM Smart Analytics System 7700 before FP 2.1.3.0 and 7710 before FP 2.1.3.0 allows local users to gain privileges via vectors related to events...
CVE-2014-0935
CVE-2014-0935 affects IBM Smart Analytics System 7700 (before FP 2.1.3.0) and 7710 (before FP 2.1.3.0). The vulnerability is described as an unspecified local privilege escalation via vectors related to events. The connected documentation provides affected versions but does not supply concrete ro...
X (Formerly Twitter): [mobile.twitter.com / twitter.com] CSRF protection bypass
I shall explain all the steps to create the final PoC in order to be more clear. Part 1. Cookie Injection via Google Analytics 1 Google Analytics sets the cookie to track user source: 123456.123456789.11.2.utmcsr=HOST|utmccn=referral|utmcmd=referral|utmcct=PATH For example:...
Open Web Analytics Detection
Binary data openwebanalyticsdetect.nbin...
Open Web Analytics < 1.5.6 Multiple Vulnerabilities
According to its banner, the version of Open Web Analytics installed on the remote host is prior to version 1.5.6. It is, therefore, affected by the following vulnerabilities: - A cross-site scripting flaw exists with the login page where input to the 'owauserid' parameter is not properly...
Open Web Analytics owa_email_address SQL Injection
The version of Open Web Analytics hosted on the remote web server fails to sanitize input to the 'owa_email_address' parameter of the 'index.php' script before using it in a database query. An unauthenticated remote attacker can leverage this issue to manipulate database queries, resulting in the...
CVE-2014-0643
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name...
Authentication flaw
EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before 10.2.4 and 10.3.x before 10.3.2, when Kerberos PAM is enabled, do not require a password, which allows remote attackers to bypass authentication by leveraging knowledge of a valid account name...
CVE-2014-0643
CVE-2014-0643 affects EMC RSA NetWitness (before 9.8.5.19) and RSA Security Analytics (before 10.2.4, and 10.3.x before 10.3.2) when Kerberos PAM is enabled. The vulnerability allows remote attackers to bypass authentication by using a valid account name without a password, due to an authentication bypa...
RSA NetWitness / RSA Security Analytics authentication bypass
Under some conditions, login with empty password is allowed...
ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability
ESA-2014-027.txt ESA-2014-027: RSA® NetWitness and RSA® Security Analytics Authentication Bypass Vulnerability EMC Identifier: ESA-2014-027 CVE Identifier: CVE-2014-0643 Severity Rating: CVSS v2 Base Score: 7.6 AV:N/AC:H/Au:N/C:C/I:C/A:C Affected...