Vulmon
matomo matomo 0.6 vulnerabilities and exploits
VMScore: 605
CVE-2010-2786
Directory traversal vulnerability in Piwik 0.6 up to and including 0.6.3 allows remote malicious users to include arbitrary local files and possibly have unspecified other impact via directory traversal sequences in a crafted data-renderer request.
Matomo Matomo 0.6
Matomo Matomo 0.6.2
Matomo Matomo 0.6.1
Matomo Matomo 0.6.3
VMScore: 383
CVE-2011-0399
Piwik prior to 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Matomo Matomo 0.5.5
Matomo Matomo 0.5.4
Matomo Matomo 0.9
Matomo Matomo 0.2.18
Matomo Matomo 0.2.19
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.2.23
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.1.1
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
VMScore: 383
CVE-2011-0004
Multiple cross-site scripting (XSS) vulnerabilities in Piwik prior to 1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Matomo Matomo 0.2.29
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.4.5
Matomo Matomo 0.4.4
Matomo Matomo 0.1.3
Matomo Matomo 0.2.20
Matomo Matomo 0.2.33
Matomo Matomo 0.6.4
Matomo Matomo 0.1.10
Matomo Matomo 0.1.7
Matomo Matomo 0.6.1
Matomo Matomo 0.6
Matomo Matomo 0.1.1
Matomo Matomo 0.5.5
Matomo Matomo 0.2.31
Matomo Matomo 0.2.32
Matomo Matomo 0.2.17
VMScore: 570
CVE-2011-0398
The Piwik_Common::getIP function in Piwik prior to 1.1 does not properly determine the client IP address, which allows remote malicious users to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoo...
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
Matomo Matomo 0.2.12
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
VMScore: 445
CVE-2011-0400
Cookie.php in Piwik prior to 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.11
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.1.2
Matomo Matomo 0.2.22
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
VMScore: 445
CVE-2011-0401
Piwik prior to 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote malicious users to cause a denial of service (inode consumption) by establishing many sessions.
Matomo Matomo 0.5.4
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.4
Matomo Matomo 0.4.5
Matomo Matomo 0.4.4
Matomo Matomo 0.1.3
Matomo Matomo 0.2.20
Matomo Matomo 0.2.33
Matomo Matomo 0.6.4
Matomo Matomo 0.1.10
Matomo Matomo 0.1.7
Matomo Matomo 0.6.1
Matomo Matomo 0.6
Matomo Matomo 0.1.1
Matomo Matomo 0.5.5
Matomo Matomo 0.2.31