11 matches found
EUVD-2011-0426
Malware in sbrugna...
EUVD-2015-7713
Malware in sbrugna...
EUVD-2013-2572
Malware in sbrugna...
Piwik (now Matomo) Reveals Sensitive Information by Accepting Input from `POST` Requests
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters...
CVE-2015-7816
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header...
Piwik <= 1357 2009-08-02 file upload and code execution
No description provided by source...
CVE-2013-2633
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters...
piwik -- unknown critical vulnerabilities
Secunia reports: Multiple vulnerabilities with an unknown impact have been reported in Piwik. The vulnerabilities are caused due to unspecified errors. No further information is currently available...
Information disclosure
Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files...
CVE-2009-1085
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh...
CVE-2009-1085
Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh...