4 matches found
Design/Logic Flaw
The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) AppThemes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11)...
Code injection
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4)...
Design/Logic Flaw
The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2)...
CVE-2011-2158
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4)...