Lucene search
K

92 matches found

OSV
OSV
added 2022/03/18 12:0 a.m.18 views

CVE-2022-24637

Open Web Analytics OWA before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '?php instead of the intended "?php sequence aren't handled by the PH...

9.8CVSS9.6AI score0.99134EPSS
Exploits14References6
CNNVD
CNNVD
added 2022/03/18 12:0 a.m.3 views

Open Web Analytics Server 安全漏洞

Open Web Analytics Server is an open source alternative for commercial web analytics tools such as Google Analytics. A security vulnerability exists in Open Web Analytics version 1.7.4, which stems from the use of php-generated files instead of the expected php sequences that are not processed by...

9.8CVSS8.2AI score0.99134EPSS
Exploits14References8
Positive Technologies
Positive Technologies
added 2022/03/18 12:0 a.m.6 views

PT-2022-16769

Name of the Vulnerable Software and Affected Versions Open Web Analytics versions prior to 1.7.4 Description The issue allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files...

9.8CVSS9.6AI score0.99134EPSS
Exploits14References21
Check Point Advisories
Check Point Advisories
added 2021/06/24 12:0 a.m.33 views

Open Web Analytics SQL Injection (CVE-2014-1206)

An SQL Injection vulnerability exists in Open Web Analytics. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

7.5CVSS5.3AI score0.02495EPSS
Exploits7
OpenVAS
OpenVAS
added 2018/04/26 12:0 a.m.19 views

Open Web Analytics < 1.5.7 PHP Object Injection Vulnerability

Open Web Analytics is prone to a PHP object injection vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8CVSS9.6AI score0.02808EPSS
Exploits2References5
NVD
NVD
added 2018/04/17 7:29 p.m.16 views

CVE-2014-2294

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

9.8CVSS9.4AI score0.02808EPSS
Exploits2References5
Cvelist
Cvelist
added 2018/04/17 7:0 p.m.26 views

CVE-2014-2294

Open Web Analytics OWA before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owaevent parameter to queue.php...

9.5AI score0.02808EPSS
Exploits2References5
CVE
CVE
added 2018/04/17 7:0 p.m.48 views

CVE-2014-2294

Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...

9.8CVSS9.3AI score0.02808EPSS
Exploits2References5Affected Software1
CNVD
CNVD
added 2018/04/12 12:0 a.m.5 views

Open Web Analytics Heap Buffer Overflow Vulnerability

Open Web Analytics OWA is a PHP and MySQL based open source web traffic statistics software from the Open Web Analytics team. The software can be used to track and analyze the websites and applications visited by users, and can be used with WordPress, MediaWiki integration. Open Web Analytics OWA...

8.8CVSS7.7AI score0.01828EPSS
Exploits0References1
NVD
NVD
added 2018/03/20 9:29 p.m.18 views

CVE-2014-1457

Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...

8.8CVSS8.8AI score0.01171EPSS
Exploits1References4
Prion
Prion
added 2018/03/20 9:29 p.m.13 views

Cross site request forgery (csrf)

Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...

6.8CVSS7.3AI score0.01171EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2018/03/20 9:0 p.m.40 views

CVE-2014-1457

Open Web Analytics (OWA) before 1.5.6 is affected by CVE-2014-1457: it generates nonces for CSRF protection in a way that can be bypassed by knowledge of an OWA user name. Affects the OWA component responsible for CSRF defense; root cause is nonce generation not sufficiently random. Impact is par...

8.8CVSS8.6AI score0.01171EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2018/03/20 9:0 p.m.19 views

CVE-2014-1457

Open Web Analytics OWA before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name...

8.8AI score0.01171EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2016/02/25 12:0 a.m.26 views

Open Web Analytics 1.5.7 Cross Site Scripting

Exploit Title: Open Web Analytics v1.5.7 Cross-Site Scripting Author: 1N3 @CrowdShield https://crowdshield.com Vendor: http://www.openwebanalytics.com/ Date: 02/24/2016 Description: Open Web Analytics suffers from a Cross-Site Scripting vulnerability in the owasiteid parameter because it fails to...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2015/07/27 12:0 a.m.45 views

Open-Web-Analytics-1.5.7 Cryptographic, Password Disclosure &amp; XSS Vulnerabilities

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor: ================================ www.openwebanalytics.com Product: ================================ Open-Web-Analytics-1.5.7 Advisory...

6.5AI score
Exploits0
0day.today
0day.today
added 2015/07/23 12:0 a.m.30 views

Open Web Analytics 1.5.7 Multiple Vulnerabilities

Open Web Analytics version 1.5.7 suffers from password disclosure, weak cryptographic control, and cross site scripting vulnerabilities. + Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor:...

6.9AI score
Exploits0
Packet Storm
Packet Storm
added 2015/07/22 12:0 a.m.41 views

Open Web Analytics 1.5.7 XSS / Password Disclosure / Crypto Weakness

Credits: John Page hyp3rlinx + Domains: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AS-OPENWEBANALYTICS0721.txt Vendor: ================================ www.openwebanalytics.com Product: ================================ Open-Web-Analytics-1.5.7 Advisory...

0.1AI score
Exploits0
0day.today
0day.today
added 2014/11/30 12:0 a.m.44 views

Open Web Analytics 1.5.6 PHP Object Injection Vulnerability

Exploit for php platform in category web applications Open Web Analytics setSetting'base', 'isremoteeventqueue', true; $owa-e-debug$POST; $rawevent = owacoreAPI::getRequestParam'event'; if $rawevent $dispatch = owacoreAPI::getEventDispatch; $event = unserialize base64decode $rawevent ;...

9.2AI score0.02808EPSS
Exploits2
Packet Storm
Packet Storm
added 2014/07/16 12:0 a.m.43 views

Open Web Analytics 1.5.7 Cross Site Scripting / Remote File Inclusion

Exploit Title : Open Web Analytics - v: 1.5.7 multiple vulnerability Author : Govind Singh aka NullPort Vendor : http://www.openwebanalytics.com/ Download Link : http://downloads.openwebanalytics.com/ Google Dork : "powered by Open Web Analytics" Date : 14/07/2014 Discovered at : IHT Lab 1ND14N...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Open Web Analytics 1.2.3 multi file include

No description provided by source. =========================================================================== Topic : Open Web Analytics 1.2.3 Bug type : multi file include Download : http://downloads.openwebanalytics.com/owa/owa123.tar Advisory :...

7.1AI score
Exploits0
Rows per page
Query Builder