Searching statistics software vulnerabilities

QNX Embedded Resource Manager in Voyager web se

Resource | Embedded | Voyager | Manager | server | disks | demo | 201B | web | QNX |

QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page.


Sendmail 8.9.0 through 8.12.3 allows local user

Sendmail |

Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.


TeeKai Forum 1.2 uses weak encryption of web us

data/member_logtxt | insufficient | encryption | statistics | attackers | dividing | document | visiting | identify | control | TeeKai | access | remote | allows | stored | Forum | octet | usage | under | which | each | uses | hash | '20' | IP's | root | site | weak | web | MD5 |

TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/member_log.txt, which is stored under the web document root with insufficient access control, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.


TeeKai Tracking Online 1.0 uses weak encryption

data/userlog/logtxt | encryption | statistics | attackers | dividing | Tracking | identify | visiting | remote | allows | Online | TeeKai | usage | which | octet | '20' | hash | each | uses | weak | site | IP's | web | MD5 |

TeeKai Tracking Online 1.0 uses weak encryption of web usage statistics in data/userlog/log.txt, which allows remote attackers to identify IP's visiting the site by dividing each octet by the MD5 hash of '20'.


Cross-site scripting (XSS) vulnerability in the

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in the Statistics module for PHP-Nuke 6.0 and earlier allows remote attackers to insert arbitrary web script via the year parameter.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2) date parameter in the Statistics module, (3) year, month, and month_1 parameters in the Stories_Archive module, (4) mode, order, and thold parameters in the Surveys module, or (5) a SQL statement to index.php, as processed by mainfile.php.


Format string vulnerability in the log_do funct

vulnerability | function | mtftpd | YepYep | string | Format | log_do | logc |

Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook.


PHP Web Statistik 1.4 stores the stat.cfg file

insufficient | information | statistics | directory | sensitive | attackers | Statistik | including | location | logdbdta | possibly | statcfg | control | obtain | access | stores | remote | allows | under | which | file | such | root | PHP | Web | log |

PHP Web Statistik 1.4 stores the stat.cfg file under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as statistics and the log directory location, possibly including the logdb.dta file.


Multiple unspecified vulnerabilities in Etherea

vulnerabilities | unspecified | Ethereal | Multiple | 010x |

Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) multiple vectors in H.248, and the (2) X.509if, (3) SRVLOC, (4) H.245, (5) AIM, and (6) general packet dissectors; and (7) the statistics counter.


The web interface for AWStats 6.4 and 6.5, when

metacharacters | statistics | attackers | parameter | arbitrary | interface | execute | AWStats | migrate | enabled | updates | allows | remote | shell | code | web | via |

The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.


SQL injection vulnerability in the add_hit func

include/functionincphp | vulnerability | Coppermine | injection | function | Gallery | add_hit | Photo | SQL |

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and the (5) query_string parameter when performing a search.


Multiple unspecified vulnerabilities in Oracle

vulnerabilities | unspecified | Database | Multiple | Oracle |

Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB21 for Statistics and (2) DB22 for Upgrade & Downgrade. NOTE: as of Wednesday, July 19, 2006, Oracle has not disputed a claim by a reliable researcher that DB21 is for a local SQL injection vulnerability in SYS.DBMS_STATS, and that DB22 is for SQL injection in SYS.DBMS_UPGRADE.


SQL injection vulnerability in x-statistics.php

x-statisticsphp | vulnerability | X-Statistics | X-Scripts | injection | SQL |

SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header.


Cross-site scripting (XSS) vulnerability in Joo

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header, which is not properly handled when the administrator views site statistics.


Cross-site scripting (XSS) vulnerability in cgi

Cross-site | scripting |

Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in web-app.net WebAPP before Monday, April 03, 2006 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the Statistics Log Viewer.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) new trends, (6) individual page, and (7) search engine statistics.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before 0.9.9.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) Gallery Comments pages, (2) Feedback pages, (3) Search Results pages, and (4) the Statistics Log viewer.


The process scheduler in the Sun Solaris kernel

statistics | scheduling | scheduler | gathered | sampling | performs | periodic | process | service | Solaris | billing | denial | kernel | allows | cause | users | local | which | ticks | based | does | make | kept | upon | Sun | not | CPU | use |

The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."


Software vulnerabilities results 1 to 20 of 24     
Page: 12