|
298891
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Po…
|
CWE-200
Information Exposure
|
CVE-2011-2156
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298892
|
- |
|
smartertools
|
smarterstats
|
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers…
|
CWE-287
Improper Authentication
|
CVE-2011-2155
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298893
|
- |
|
smartertools
|
smarterstats
|
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain…
|
CWE-200
Information Exposure
|
CVE-2011-2154
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298894
|
- |
|
smartertools
|
smarterstats
|
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discov…
|
CWE-200
Information Exposure
|
CVE-2011-2153
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298895
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups…
|
CWE-200
Information Exposure
|
CVE-2011-2152
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298896
|
- |
|
smartertools
|
smarterstats
|
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web s…
|
CWE-310
Cryptographic Issues
|
CVE-2011-2151
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298897
|
- |
|
smartertools
|
smarterstats
|
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsin…
|
CWE-20
Improper Input Validation
|
CVE-2011-2150
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298898
|
- |
|
smartertools
|
smarterstats
|
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) D…
|
CWE-89
SQL Injection
|
CVE-2011-2149
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298899
|
- |
|
openswan
|
openswan
|
Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-2147
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298900
|
- |
|
tibco
|
iprocess_engine
iprocess_workspace
|
Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2011-2021
|
2024-11-21 10:27 |
2011-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
