4 matches found
CVE-2005-4012
The CVE-2005-4012 entry describes multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4. An attacker can inject arbitrary script via (1) the lastnumber parameter to stat.php and (2) the HTTP Referer to pixel.php. The NVD entry lists a Medium base score (4.3) with no authen...
CVE-2005-4014
CVE-2005-4014 concerns PHP Web Statistik 1.4 where stat.php can be abused to trigger a denial of service (high CPU usage) by sending a large lastnumber value. This is the vulnerability described in the NVD entry for CVE-2005-4014, with a network-remote impact and no confidentiality/integrity loss...
CVE-2005-4015
CVE-2005-4015 affects PHP Web Statistik 1.4. The issue is that the log database is not rotated and the referer field size is not limited, enabling a remote attacker to exhaust log files by issuing a very high number of HTTP requests (demonstrated via pixel.php). The available references describe ...
CVE-2005-4013
PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, allowing remote attackers to read sensitive information such as statistics and the log directory location, and possibly the logdb.dta file. Root cause: weak access permissions on stat.cfg exposed v...