15 matches found
EUVD-2005-4009
Malware in sbrugna...
EUVD-2005-4008
Malware in sbrugna...
EUVD-2005-4007
Malware in sbrugna...
EUVD-2005-4010
Malware in sbrugna...
PHP Web Statistik 1.4 Content Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML...
CVE-2005-4014
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service CPU consumption via a large lastnumber value...
CVE-2005-4015
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file...
CVE-2005-4012
Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...
CVE-2005-4012
The CVE-2005-4012 entry describes multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 . An attacker can inject arbitrary script via (1) the lastnumber parameter to stat.php and (2) the HTTP Referer to pixel.php. The NVD entry lists a Medium base score (4.3) with no authen...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, allowing remote attackers to read sensitive information such as statistics and the log directory location, and possibly the logdb.dta file. Root cause: weak access permissions on stat.cfg exposed v...
CVE-2005-4012
Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...
[Full-disclosure] Php Web Statistik Multiple Vulnerabilities
PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik verified on 1.4 Severity Medium Risk Vendor www.php-web-statistik.de Advisory http://www.ush.it/2005/11/19/php-web-statistik/ Author Francesco ‘aScii’ Ongaro ascii at...
PHP Web Statistik 1.4 - Content Injection
source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML injection and cross-site scripting...
PHP Web Statistik 1.4 - Content Injection
PHP Web Statistik 1.4 - Content Injection source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow f...