CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2149
https://notcve.org/view.php?id=CVE-2011-2149
20 May 2011 — Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTTP header to (7) Services/SiteAdmin.asmx or (8) login.aspx; or (9) the User-Agent HTTP header to Services/SiteAdmin.asmx. Múltiples vulnerabilidades de inye... • http://www.kb.cert.org/vuls/id/240150 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2011-2150
https://notcve.org/view.php?id=CVE-2011-2150
20 May 2011 — The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parameters to (a) Client/frmViewOverviewReport.aspx, (b) Client/frmViewReports.aspx, or (c) Services/SiteAdmin.asmx, as demonstrated by a ]]>> string, related to an... • http://www.kb.cert.org/vuls/id/240150 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2151
https://notcve.org/view.php?id=CVE-2011-2151
20 May 2011 — The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network. Los componentes (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, y (5) Login.aspx en el servidor web Smar... • http://www.kb.cert.org/vuls/id/240150 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2152
https://notcve.org/view.php?id=CVE-2011-2152
20 May 2011 — The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue. El servidor web SmarterTools SmarterStats v6.0 genera páginas web que contienen enlaces externos en re... • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2153
https://notcve.org/view.php?id=CVE-2011-2153
20 May 2011 — Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue. Login.aspx en el servidor web SmarterTools SmarterStats v6.0 admite URL que contienen parámetros txtUser y txtPass en la cadena de consulta, lo que hac... • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2154
https://notcve.org/view.php?id=CVE-2011-2154
20 May 2011 — login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. login.aspx en el servidor we SmarterTools SmarterStats v6.0 no incluye la bandera HTTPOnly en un encabezado Set-Cookie para la cookie loginsettings, lo que hace que sea más fácil para los atacantes remotos obtener información sensible a través ... • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2011-2155
https://notcve.org/view.php?id=CVE-2011-2155
20 May 2011 — Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation. Login.aspx en el servidor we SmarterTools SmarterStats v6.0 genera un campo de contraseñactl00$MPH$txtPassword sin desactivar la función de autocompletar, lo que hace que sea más fácil para los atacantes remotos evitar la autenticación mediante e... • http://www.kb.cert.org/vuls/id/240150 • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2156
https://notcve.org/view.php?id=CVE-2011-2156
20 May 2011 — The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/. El servidor web... • http://www.kb.cert.org/vuls/id/240150 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2157
https://notcve.org/view.php?id=CVE-2011-2157
20 May 2011 — The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields. Los componentes (1) Admin/frmEmailReportSettings.aspx y (2) Admin/frmGeneralSettings.aspx en el servidor web SmarterTools SmarterStats v6.0, genera páginas web que contienen direcciones de correo electróni... • http://www.kb.cert.org/vuls/id/240150 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2011-2148
https://notcve.org/view.php?id=CVE-2011-2148
20 May 2011 — Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl00%24MPH%24ucSiteSeoSearchEngineSettings%24chklistEngines_SettingCheckBox%2414 parameter, (5) the ctl00%24MPH%24ucSiteSeoSettings%24txtSeoMaxKeywords_SettingTex... • http://www.kb.cert.org/vuls/id/240150 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •