7647 matches found
Hack Puts Spotlight on Malware's Long Tail: Parked Domains
They’re the dusty corners of the Web: so-called “parked” domains. But these little trafficked sites are attracting the attention of security experts, who say that it’s time for hosting firms and others that profit from them to clean up malware infections that may be exposing millions of Web users...
CVE-2010-2676
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters...
CVE-2010-2677
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
Remote file inclusion
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
Directory traversal
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters...
CVE-2010-2676
Open Web Analytics (OWA) 1.2.3 is affected by multiple directory traversal flaws in index.php, exploitable via the owa_action and owa_do parameters. The underlying issue allows remote attackers to read arbitrary files, as described in CVE-2010-2676. Attack surface is network-exposed and does not ...
CVE-2010-2677
Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...
CVE-2010-2676
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters...
CVE-2010-2677
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party...
This Week In Security: Privacy, RedPhone and Adobe
In case you needed any reminders that privacy is one of the more pressing problems on the Web right now, this week’s news provided plenty of them. Along with stories of Facebook’s continued privacy missteps, this week gave us the gift of Google letting users install some Google code to opt out of...
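Piwik < 0.6 form_url parameter cross-site scripting vulnerability
BugCVE: CVE-2010-1453 BUGTRAQ: 39144 Piwik is an open-source web analytics system built with PHP and MySQL. Piwik does not properly filter the form_url parameter submitted to the index.php page before returning it to the user; an attacker who tricks a user into following a malicious login URL can carry out a reflected cross-site scripting attack, causing arbitrary HTML and script code to execute in the user's browser session. Piwik 0.6 Vendor patch: Piwik ----- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://piwik.org/latest.zip...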
Open Web Analytics 1.2.3 Local / Remote File Inclusion
=========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory : =========================================================================== Author ...
Open Web Analytics 1.2.3 multi file include
Exploit for php platform in category web applications =========================================== Open Web Analytics 1.2.3 multi file include =========================================== =========================================================================== Topic : Open Web Analytics 1.2.3 Bu...
Open Web Analytics 1.2.3 - Multiple File Inclusions
Open Web Analytics 1.2.3 - Multiple File Inclusions =========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory :...
Open Web Analytics 1.2.3 - Multiple File Inclusions
=========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory : =========================================================================== Author ...
Unrestricted file upload
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to...
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to...
CVE-2009-4140
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to...
CVE-2009-4140
CVE-2009-4140 affects Open Flash Chart’s ofc_upload_image.php in Open Flash Chart v2 Beta1 through v2 Lug Wyrm Charmer, used by Piwik 0.2.35–0.4.3 and Woopra Plugin before 1.4.3.2. The issue is an unrestricted file upload when register_globals is enabled, allowing remote authenticated users to up...
Yoast Google Analytics Cross Site Scripting
Yoast GA Plugin for WP - Cross Site Scripting Vulnerability Version Affected: 3.2.4 newest Info: The Google Analytics for WordPress plugin automatically tracks and segments all outbound links from within posts, comment author links, links within comments, blogroll links and downloads. It also...