37 matches found
EUVD-2011-4670
Malware in sbrugna...
EUVD-2011-2143
Malware in sbrugna...
EUVD-2011-4669
Malware in sbrugna...
EUVD-2011-2147
Malware in sbrugna...
SmarterTools SmarterStats Multiple Vulnerabilities
This host is SmarterTools SmarterStats and is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-4752
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...
CVE-2011-4751
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading 1 web-server access logs or 2 web-server Referer logs,...
Design/Logic Flaw
SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients,...
CVE-2011-4751
CVE-2011-4751 affects SmarterTools SmarterStats 6.2.4100. The issue arises when responses to GET requests with query strings for frmGettingStarted.aspx generate pages containing external links, enabling cross-domain Referer leakage. This can let remote attackers read web-server access logs or web...
CVE-2011-2158
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/frmSite.aspx, 2 Admin/frmSites.aspx, 3 Admin/frmViewReports.aspx, 4...
CVE-2011-2159
The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving 1 Admin/Defaults/frmDefaultSiteSettings.aspx, 2...
CVE-2011-2152
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for 1 Client/frmViewReports.aspx or 2 UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading a...
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation...
CVE-2011-2154
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2011-2151
The 1 Admin/frmEmailReportSettings.aspx, 2 Admin/frmGeneralSettings.aspx, 3 Admin/frmSite.aspx, 4 Client/frmUser.aspx, and 5 Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information...
CVE-2011-2150
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error and daemon pause via vectors involving 1 certain cookies in a SiteInfoLookup action to...
CVE-2011-2149
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to 1 Admin/frmSite.aspx, 2 Default.aspx, 3 Services/SiteAdmin.asmx, or 4 Client/frmViewReports.aspx; certain cookies to 5...
CVE-2011-2156
The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the 1 Admin/, 2 Admin/Defaults/, 3 Admin/GettingStarted/, 4 Admin/Popups/, 5 AppThemes/, 6 Client/, 7 Client/Popups/, 8 Services/, 9 Temp/, 10 UserControls/, 11...
Command injection
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & ampersand character, and 1 an STTTState cookie, 2 the ctl00%24MPH%24txtAdminNewPasswordSettingText parameter, 3 the...
Design/Logic Flaw
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service parsing error and daemon pause via vectors involving 1 certain cookies in a SiteInfoLookup action to...