19 matches found
EUVD-2021-25032
Malware in sbrugna...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1...
WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Nguyen Thi Huyen Trang - Skalucy in WordPress Plugin W3Counter Free Real-Time Web Stats versions <= 4.1...
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1...
CVE-2025-28856
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through 4.1...
CVE-2025-28856
CVE-2025-28856 describes a cross-site request forgery (CSRF) in the WordPress plugin W3Counter Free Real-Time Web Stats (affected versions:
CVE-2025-28856 WordPress W3Counter Free Real-Time Web Stats plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in dangrossman W3Counter Free Real-Time Web Stats blog-stats-by-w3counter allows Cross Site Request Forgery. This issue affects W3Counter Free Real-Time Web Stats: from n/a through <= 4.1...
WordPress 3dady Real Time Web Stats plugin <= 1.0 - Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability
Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability discovered by UnD3sc0n0c1d0 in WordPress 3dady Real Time Web Stats plugin versions <= 1.0. Solution: Deactivate and delete. This plugin has been closed as of December 14, 2018 and is not available for download. Reason...
3dady Real Time Web Stats <= 1.0 - Stored Cross-Site Scripting via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping, it could also lead to a Stored Cross-Site Scripting issue. Make a logged in admin open a...
Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS)
Exploit Title: Wordpress Plugin 3dady real-time web stats 1.0 - Stored Cross Site Scripting (XSS); Google Dork: inurl:/wp-content/plugins/3dady-real-time-web-stats/; Date: 2022-08-24; Exploit Author: UnD3sc0n0c1d0; Vendor Homepage: https://profiles.wordpress.org/3dady/; Software Link:...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
Information disclosure
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
CVE-2021-38590
CVE-2021-38590 affects cPanel before 96.0.8 where weak permissions on web statistics can lead to information disclosure (SEC-584). The vulnerability is caused by insufficient access controls on web stats, enabling local attackers to read information that should be restricted. Impact is informatio...
CVE-2021-38590
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584)...
SQL injection in OSCommerce Add-On Visitor Web Stats
Popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injections. Although it uses request data, i.e. the Accept-Language header, there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...
osCommerce Visitor Web Stats AddOn - Accept-Language Header SQL Injection
osCommerce Visitor Web Stats AddOn - Accept-Language Header SQL Injection. Source: https://www.securityfocus.com/bid/40425/info. osCommerce Visitor Web Stats is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query...
OSC Visitor Web Stats SQL Injection
Popular OSC add-on Visitor Web Stats is completely vulnerable to SQL injections. Although it uses request data, i.e. the Accept-Language header, there's no escaping at all. This also applies to the extension's derivative for OSC 3, whose author completely inherited the insufficient code structure...
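Piwik ofc_upload_image.php Remote PHP Code Execution Vulnerability
BUGTRAQ ID: 37314 CVECAN ID: CVE-2009-4140 Piwik is an open-source web analytics system built with PHP and MySQL. Piwik uses the open-flash-chart module for charting. This module does not properly filter the name and HTTP_RAW_POST_DATA parameters submitted to the ofc_upload_image.php file before using them to create a file: ? $default_path = '../tmp-upload-images/'; if (!file_exists($default_path)) mkdir($default_path, 0777, true); $destination =...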