CVE-2011-4751
https://notcve.org/view.php?id=CVE-2011-4751
16 Dec 2011 — SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue. • http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-4752
https://notcve.org/view.php?id=CVE-2011-4752
16 Dec 2011 — SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue. • http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html
CVE-2011-2149
https://notcve.org/view.php?id=CVE-2011-2149
20 May 2011 — Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx. • http://www.kb.cert.org/vuls/id/240150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2011-2150
https://notcve.org/view.php?id=CVE-2011-2150
20 May 2011 — The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an... • http://www.kb.cert.org/vuls/id/240150 • CWE-20: Improper Input Validation
CVE-2011-2151
https://notcve.org/view.php?id=CVE-2011-2151
20 May 2011 — The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. • http://www.kb.cert.org/vuls/id/240150 • CWE-310: Cryptographic Issues
CVE-2011-2152
https://notcve.org/view.php?id=CVE-2011-2152
20 May 2011 — The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue. • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2153
https://notcve.org/view.php?id=CVE-2011-2153
20 May 2011 — Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2154
https://notcve.org/view.php?id=CVE-2011-2154
20 May 2011 — login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2155
https://notcve.org/view.php?id=CVE-2011-2155
20 May 2011 — Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. • http://www.kb.cert.org/vuls/id/240150 • CWE-287: Improper Authentication
CVE-2011-2156
https://notcve.org/view.php?id=CVE-2011-2156
20 May 2011 — The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor