20 matches found
EUVD-2005-4009
Malware in sbrugna...
EUVD-2005-4008
Malware in sbrugna...
EUVD-2005-4007
Malware in sbrugna...
EUVD-2005-4010
Malware in sbrugna...
PHP Web Statistik 1.4 Content Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML...
CVE-2005-4014
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service CPU consumption via a large lastnumber value...
CVE-2005-4015
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file...
CVE-2005-4012
Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...
CVE-2005-4012
The CVE-2005-4012 entry describes multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 . An attacker can inject arbitrary script via (1) the lastnumber parameter to stat.php and (2) the HTTP Referer to pixel.php. The NVD entry lists a Medium base score (4.3) with no authen...
CVE-2005-4014
CVE-2005-4014 concerns PHP Web Statistik 1.4 where stat.php can be abused to trigger a denial of service (high CPU usage) by sending a large lastnumber value. This is the vulnerability described in the NVD entry for CVE-2005-4014, with a network-remote impact and no confidentiality/integrity loss...
CVE-2005-4014
stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a denial of service CPU consumption via a large lastnumber value...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, allowing remote attackers to read sensitive information such as statistics and the log directory location, and possibly the logdb.dta file. Root cause: weak access permissions on stat.cfg exposed v...
CVE-2005-4015
CVE-2005-4015 affects PHP Web Statistik 1.4. The issue is that the log database is not rotated and the referer field size is not limited, enabling a remote attacker to exhaust log files by issuing a very high number of HTTP requests (demonstrated via pixel.php). The available references describe ...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file...
CVE-2005-4015
PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php...
CVE-2005-4012
Multiple cross-site scripting XSS vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via 1 the lastnumber parameter to stat.php and 2 the HTTP referer to pixel.php...
PHP Web Statistik 1.4 - Content Injection
PHP Web Statistik 1.4 - Content Injection source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow f...
[Full-disclosure] Php Web Statistik Multiple Vulnerabilities
PHP Web Statistik Multiple Vulnerabilities Name Multiple Vulnerabilities in PHP Web Statistik Systems Affected PHP Web Statistik verified on 1.4 Severity Medium Risk Vendor www.php-web-statistik.de Advisory http://www.ush.it/2005/11/19/php-web-statistik/ Author Francesco ‘aScii’ Ongaro ascii at...
PHP Web Statistik 1.4 - Content Injection
source: https://www.securityfocus.com/bid/15603/info PHP Web Statistik is prone to multiple content injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The vulnerabilities could allow for HTML injection and cross-site scripting...