RSS   Podatności dla 'Piwik'   RSS

2015-11-16
 
CVE-2015-7816

CWE-Other
 

 
The DisplayTopKeywords function in plugins/Referrers/Controller.php in Piwik before 2.15.0 allows remote attackers to conduct PHP object injection attacks, conduct Server-Side Request Forgery (SSRF) attacks, and execute arbitrary PHP code via a crafted HTTP header.

 
 
CVE-2015-7815

CWE-22
 

 
Directory traversal vulnerability in core/ViewDataTable/Factory.php in Piwik before 2.15.0 allows remote attackers to include and execute arbitrary local files via the viewDataTable parameter.

 
2013-03-21
 
CVE-2013-2633

 

 
Piwik before 1.11 accepts input from a POST request instead of a GET request in unspecified circumstances, which might allow attackers to obtain sensitive information by leveraging the logging of parameters.

 
 
CVE-2013-1844

 

 
Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2012-11-19
 
CVE-2012-4541

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2012-09-18
 
CVE-2011-4941

 

 
Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote attackers with the view permission to execute arbitrary code via unknown attack vectors.

 
2011-09-23
 
CVE-2011-3791

CWE-200
 

 
Piwik 1.1 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by plugins/Widgetize/Widgetize.php and certain other files.

 
2011-01-10
 
CVE-2011-0401

CWE-264
 

 
Piwik before 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote attackers to cause a denial of service (inode consumption) by establishing many sessions.

 
 
CVE-2011-0400

CWE-16
 

 
Cookie.php in Piwik before 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

 
 
CVE-2011-0399

CWE-Other
 

 
Piwik before 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote attackers to conduct clickjacking attacks via a crafted web site.

 


Copyright 2024, cxsecurity.com

 

Back to Top