7656 matches found
CVE-2014-2928
CVE-2014-2928 (F5 iControl remote command execution) affects F5 BIG-IP products that expose the iControl API (LTM, APM, ASM, GTM, Link Controller, PSM, AAM, AFM, PEM, Analytics, Edge Gateway, WebAccelerator, WOM, Enterprise Manager, BIG-IQ variants). The vulnerability arises from insufficient val...
Skybox 6.x Authentication Bypass / Information Disclosure
Exploit Title: SKYBOX Security – Multiple Information Disclosure Date: 22-Jan-2014 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.skyboxsecurity.com Version: Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, 6.4.46-2.57 Tested on: Centos 6.4...
Skybox Security 6.3.x - 6.4.x - Multiple Information Disclosure
Exploit for hardware platform in category web applications Exploit Title: SKYBOX Security – Multiple Information Disclosure Date: 22-Jan-2014 Exploit Author: Luigi Vezzoso Vendor Homepage: http://www.skyboxsecurity.com Version: Skybox View Appliances with ISO versions: 6.3.33-2.14, 6.3.31-2.14,...
Open Web Analytics Password Reset Page owa_email_address Parameter SQL Injection
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php. Vulnerability Type: SQL Injection For the exploit source co...
[SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection
Dell SecureWorks Security Advisory SWRX-2014-001 Open Web Analytics Pre-Auth SQL Injection Advisory Information Title: Open Web Analytics Pre-Auth SQL Injection Advisory ID: SWRX-2014-001 Advisory URL: http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-001/ Date published:...
Oracle Identity Analytics Detection
Binary data oracleidentityanalyticsdetect.nbin...
Oracle Identity Analytics / Sun Role Manager Unspecified Remote Vulnerability (April 2014 CPU)
The remote Oracle Identity Analytics (formerly known as Sun Role Manager) install is affected by an unspecified vulnerability that can be exploited by remote, authenticated attackers. #%NASL_MIN_LEVEL 70300 # (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc'); include('compat.inc'); if...
CVE-2013-6738
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...
Cross site scripting
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...
CVE-2013-6738
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint...
CVE-2013-6738
CVE-2013-6738 is an XSS vulnerability in IBM SmartCloud Analytics Log Analysis (OAuth endpoint) and in IBM WebSphere Application Server OAuth functionality. The initial entry states that IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 prior to 1.2.0.0-CSI-SCALA-IF0003 can be exploited to inject...
CVE-2014-2411
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security...
Design/Logic Flaw
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security...
CVE-2014-2411
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 5.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Security...
CVE-2014-2411
CVE-2014-2411 affects Oracle Identity Analytics (Oracle Fusion Middleware) 11.1.1.5 and Sun Role Manager 5.0. An unspecified vulnerability could be exploited by remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors related to Security. The connected...
CVE-2013-5374: IBM PureData System for Analytics file manipulation
IBM’s advisory confirms CVE-2013-5374 affects all Netezza Performance Server versions before 7.1.0.1 in the IBM PureData System for Analytics. The issue allows reading and modifying local files via unknown vectors, with exploitation requiring authentication and specific permissions. Impact includ...
Yahoo!: XSS in Yahoo! Web Analytics
Thank you for your submission to the Yahoo Bug Bounty program. We were able to reproduce the issue you reported and have implemented appropriate fixes. We appreciate your adherence to responsible disclosure guidelines and look forward to your future participation in the program...
Research Finds MAC Address Hashing Not a Fix for Privacy Problems
UPDATE–Cryptographic algorithms and hash functions are designed to be resistant to a variety of attacks, but one of the things that they can’t defend against is time. Time and the inevitable advancement of technology have turned out to be the greatest enemies of cryptography, and a quick research...
Open Web Analytics 'owa_event' Parameter PHP Object Injection Vulnerability
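Bugtraq ID:66076 CVE ID:CVE-2014-2294 Open Web Analytics is open-source web analytics software built on PHP and MySQL that can be used to track and analyze how people visit your websites and applications. Open Web Analytics queue.php does not properly filter input submitted through the "owa_event" POST parameter before passing it to "unserialize", allowing remote attackers to use a crafted serialized object to manipulate some restricted configuration options or to create or overwrite arbitrary files. 0 Open Web Analytics 1.5.6 Vendor patch: Open Web Analytics ----- Open Web...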
WordPress Google Analytics MU Plugin Cross-Site Request Forgery Vulnerability
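Bugtraq ID:65926 WordPress is a blogging platform developed in PHP; users can set up their own blog on a server that supports PHP and a MySQL database. WordPress Google Analytics MU has a cross-site request forgery vulnerability that allows a remote attacker to construct a malicious URI and, by luring a user into loading it, perform malicious actions in the context of the target user. 0 WordPress Google Analytics MU 2.3 No detailed solution is currently available: http://wordpress.org/plugins/google-analytics-mu/ A simple form which changes the analytics...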