19 matches found
EUVD-2021-25032
Malware in sbrugna...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats (blog-stats-by-w3counter) allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1...
WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin W3Counter Free Real-Time Web Stats versions <= 4.1...
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1...
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats (blog-stats-by-w3counter) allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1...
CVE-2025-28856 WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats (blog-stats-by-w3counter) allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1...
CVE-2025-28856
CVE-2025-28856 describes a cross-site request forgery (CSRF) in the WordPress plugin W3Counter Free Real-Time Web Stats (affected versions:
WordPress 3dady Real Time Web Stats plugin <= 1.0 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by UnD3sc0n0c1d0 in WordPress 3dady Real Time Web Stats plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 14, 2018 and is not available for download. Reason...
3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping, it could also lead to a Stored Cross-Site Scripting issue. Make a logged in admin open a...
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS). Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/. Date: 2022-08-24. Exploit Author: UnD3sc0n0c1d0. Vendor Homepage: https://profiles.wordpress.org/3dady/. Software Link:...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
Information disclosure
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
CVE-2021-38590
CVE-2021-38590 affects cPanel before 96.0.8 where weak permissions on web statistics can lead to information disclosure (SEC-584). The vulnerability is caused by insufficient access controls on web stats, enabling local attackers to read information that should be restricted. Impact is informatio...
osCommerce Visitor Web Stats AddOn - Accept-Language Header SQL Injection
osCommerce Visitor Web Stats AddOn - Accept-Language Header SQL Injection source: https://www.securityfocus.com/bid/40425/info osCommerce Visitor Web Stats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
SQL injection in OSCommerce Add-On Visitor Web Stats
Popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injections. Although it uses request data, i.e. the Accept-Language header, there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...
OSC Visitor Web Stats SQL Injection
Popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injections. Although it uses request data, i.e. the Accept-Language header, there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...
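Piwik ofc_upload_image.php Remote PHP Code Execution Vulnerability
BUGTRAQ ID: 37314 CVE (CAN) ID: CVE-2009-4140 Piwik is an open-source web analytics system built with PHP and MySQL. Piwik uses the open-flash-chart module for charting. The module does not properly filter the name and HTTP_RAW_POST_DATA parameters submitted to ofc_upload_image.php before using them to create a file: $defaultpath = '../tmp-upload-images/'; if (!file_exists($defaultpath)) mkdir($defaultpath, 0777, true); $destination =...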