Lucene search
K
OpenwebanalyticsOpen Web Analytics

7 matches found

CVE
CVE
added 2022/03/18 12:0 a.m.239 views

CVE-2022-24637

Open Web Analytics (OWA) 1.7.3 is vulnerable to unauthenticated remote code execution due to improper handling of PHP-generated cache files (files generated with '<?php instead of '

9.8CVSS9.4AI score0.99134EPSS
CVE
CVE
added 2014/01/15 4:0 p.m.94 views

CVE-2014-1206

Open Web Analytics (OWA)

7.5CVSS8.4AI score0.02495EPSS
CVE
CVE
added 2010/07/08 10:0 p.m.53 views

CVE-2010-2677

Open Web Analytics (OWA) 1.2.3 is affected by a PHP remote file inclusion due to mw_plugin.php, where enabling register_globals and disabling magic_quotes_gpc allows an attacker to execute arbitrary PHP code via a URL in the IP parameter. The root cause is improper handling of user input in the R...

5.1CVSS7.8AI score0.02687EPSS
CVE
CVE
added 2018/04/17 7:0 p.m.49 views

CVE-2014-2294

Open Web Analytics (OWA) before 1.5.7 is vulnerable to PHP object injection via the owa_event parameter to queue.php. The root cause is unsafe unserialize() of a crafted serialized object (after decoding base64) in queue.php, enabling remote attackers to manipulate configuration or achieve arbitr...

9.8CVSS9.3AI score0.02808EPSS
CVE
CVE
added 2010/07/08 10:0 p.m.48 views

CVE-2010-2676

Open Web Analytics (OWA) 1.2.3 is affected by multiple directory traversal flaws in index.php, exploitable via the owa_action and owa_do parameters. The underlying issue allows remote attackers to read arbitrary files, as described in CVE-2010-2676. Attack surface is network-exposed and does not ...

5CVSS7.1AI score0.02862EPSS
CVE
CVE
added 2014/02/28 5:0 p.m.47 views

CVE-2014-1456

Open Web Analytics (OWA) prior to version 1.5.6 is affected by CVE-2014-1456, a cross-site scripting (XSS) vulnerability in the login page. The issue allows injection of arbitrary script or HTML via the owa_user_id parameter to index.php, with impact described as partial integrity impact and no c...

4.3CVSS5.8AI score0.01807EPSS
CVE
CVE
added 2018/03/20 9:0 p.m.40 views

CVE-2014-1457

Open Web Analytics (OWA) before 1.5.6 is affected by CVE-2014-1457: it generates nonces for CSRF protection in a way that can be bypassed by knowledge of an OWA user name. Affects the OWA component responsible for CSRF defense; root cause is nonce generation not sufficiently random. Impact is par...

8.8CVSS8.6AI score0.01171EPSS