|
302351
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conf…
|
NVD-CWE-Other
|
CVE-2011-2159
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302352
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Po…
|
CWE-200
Information Exposure
|
CVE-2011-2156
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302353
|
- |
|
smartertools
|
smarterstats
|
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers…
|
CWE-287
Improper Authentication
|
CVE-2011-2155
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302354
|
- |
|
smartertools
|
smarterstats
|
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain…
|
CWE-200
Information Exposure
|
CVE-2011-2154
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302355
|
- |
|
smartertools
|
smarterstats
|
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discov…
|
CWE-200
Information Exposure
|
CVE-2011-2153
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302356
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups…
|
CWE-200
Information Exposure
|
CVE-2011-2152
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302357
|
- |
|
smartertools
|
smarterstats
|
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web s…
|
CWE-310
Cryptographic Issues
|
CVE-2011-2151
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302358
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsin…
|
CWE-20
Improper Input Validation
|
CVE-2011-2150
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302359
|
- |
|
smartertools
|
smarterstats
|
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) D…
|
CWE-89
SQL Injection
|
CVE-2011-2149
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
302360
|
- |
|
openswan
|
openswan
|
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2147
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
