Lucene search
K

33 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-2142

Malware in sbrugna...

5CVSS6.4AI score0.03024EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2011-2151

Malware in sbrugna...

10CVSS6.4AI score0.04377EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2011-2150

Malware in sbrugna...

10CVSS6.4AI score0.04384EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2011-2141

Malware in sbrugna...

7.5CVSS6.4AI score0.0235EPSS
Exploits0References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.24 views

SmarterStats 6.0 - Multiple Vulnerabilities

No description provided by source. Hoyt LLC Research | SmarterStats 6.0, OS Command Execution, Directory Traversal, DoS, Coordinated Disclosure Author: Hoyt LLC Research | http://xss.cx | http://cloudscan.me Vendor: SmarterTools Application: SmarterStats 6.0 Bugs: Directory Traversal, File Upload...

7.1AI score
Exploits0
NVD
NVD
added 2011/05/20 10:55 p.m.16 views

CVE-2011-2155

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...

7.5CVSS7AI score0.03913EPSS
Exploits0References5
NVD
NVD
added 2011/05/20 10:55 p.m.17 views

CVE-2011-2154

login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...

5CVSS6.1AI score0.02667EPSS
Exploits0References5
NVD
NVD
added 2011/05/20 10:55 p.m.14 views

CVE-2011-2152

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...

5CVSS6.1AI score0.0264EPSS
Exploits0References4
NVD
NVD
added 2011/05/20 10:55 p.m.20 views

CVE-2011-2158

The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/frmSite.aspx, 2 Admin/frmSites.aspx, 3 Admin/frmViewReports.aspx, 4...

10CVSS6.7AI score0.04384EPSS
Exploits0References5
NVD
NVD
added 2011/05/20 10:55 p.m.15 views

CVE-2011-2157

The 1 Admin/frmEmailReportSettings.aspx and 2 Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form...

5CVSS6.2AI score0.0264EPSS
Exploits0References4
NVD
NVD
added 2011/05/20 10:55 p.m.15 views

CVE-2011-2156

The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the 1 Admin/, 2 Admin/Defaults/, 3 Admin/GettingStarted/, 4 Admin/Popups/, 5 AppThemes/, 6 Client/, 7 Client/Popups/, 8 Services/, 9 Temp/, 10 UserControls/, 11...

5CVSS6.6AI score0.0264EPSS
Exploits0References4
NVD
NVD
added 2011/05/20 10:55 p.m.22 views

CVE-2011-2148

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS7.7AI score0.05321EPSS
Exploits0References4
Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Command injection

Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...

10CVSS8.3AI score0.05321EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.13 views

Authentication flaw

Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...

7.5CVSS7.6AI score0.03913EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.17 views

Design/Logic Flaw

The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/Defaults/frmDefaultSiteSettings.aspx, 2...

10CVSS7.3AI score0.04377EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.23 views

Cross site scripting

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...

5CVSS7AI score0.02014EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.13 views

Cross site scripting

The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...

5CVSS6.6AI score0.0264EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.14 views

Design/Logic Flaw

The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the 1 Admin/, 2 Admin/Defaults/, 3 Admin/GettingStarted/, 4 Admin/Popups/, 5 AppThemes/, 6 Client/, 7 Client/Popups/, 8 Services/, 9 Temp/, 10 UserControls/, 11...

5CVSS7AI score0.0264EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2011/05/20 10:55 p.m.12 views

Design/Logic Flaw

The 1 Admin/frmEmailReportSettings.aspx, 2 Admin/frmGeneralSettings.aspx, 3 Admin/frmSite.aspx, 4 Client/frmUser.aspx, and 5 Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information...

5CVSS6.7AI score0.02667EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2011/05/20 10:0 p.m.23 views

CVE-2011-2153

Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading 1 web-server access logs, 2 web-server Referer logs, or 3 the browser...

6.5AI score0.02014EPSS
Exploits0References4
Rows per page
Query Builder