matomo matomo 0.2.31 vulnerabilities and exploits
VMScore: 445
CVE-2009-1085
Piwik 0.2.32 and previous versions stores sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
Matomo Matomo 0.2.30
Matomo Matomo 0.2.29
Matomo Matomo 0.2.28
Matomo Matomo 0.2.27
Matomo Matomo 0.2.25
Matomo Matomo
Matomo Matomo 0.2.26
Matomo Matomo 0.2.31
VMScore: 668
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.32
Matomo Matomo 0.2.27
VMScore: 435
CVE-2010-1453
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 up to and including 0.5.5 allows remote malicious users to inject arbitrary web script or HTML via the form_url parameter.
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.13
Matomo Matomo 0.2.14
Matomo Matomo 0.2.16
Matomo Matomo 0.2.17
Matomo Matomo 0.2.32
Matomo Matomo 0.2.33
Matomo Matomo 0.2.34
Matomo Matomo 0.5.1
Matomo Matomo 0.5.2
Matomo Matomo 0.5.3
Matomo Matomo 0.5.4
Matomo Matomo 0.1.6
Matomo Matomo 0.2.1
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.2.12
Matomo Matomo 0.2.18
Matomo Matomo 0.2.20
1 EDB exploit
VMScore: 570
CVE-2011-0398
The Piwik_Common::getIP function in Piwik prior to 1.1 does not properly determine the client IP address, which allows remote malicious users to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoo...
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
Matomo Matomo 0.2.12
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
VMScore: 383
CVE-2011-0399
Piwik prior to 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Matomo Matomo 0.5.5
Matomo Matomo 0.5.4
Matomo Matomo 0.9
Matomo Matomo 0.2.18
Matomo Matomo 0.2.19
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.5.2
Matomo Matomo 0.1.2
Matomo Matomo 0.2.23
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.2
Matomo Matomo 0.6.3
Matomo Matomo 0.1.1
Matomo Matomo 0.2.31
Matomo Matomo 0.2.28
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.11
VMScore: 445
CVE-2011-0400
Cookie.php in Piwik prior to 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Matomo Matomo 0.5.4
Matomo Matomo 0.2.28
Matomo Matomo 0.9
Matomo Matomo 0.2.11
Matomo Matomo 0.2.19
Matomo Matomo 0.2.3
Matomo Matomo 0.2.10
Matomo Matomo 0.4.1
Matomo Matomo 0.1.2
Matomo Matomo 0.2.22
Matomo Matomo 0.1
Matomo Matomo 0.2.34
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.6.3
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
VMScore: 445
CVE-2011-0401
Piwik prior to 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote malicious users to cause a denial of service (inode consumption) by establishing many sessions.
Matomo Matomo 0.5.4
Matomo Matomo 0.2.29
Matomo Matomo 0.9.9
Matomo Matomo 0.2.26
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.4
Matomo Matomo 0.4.5
Matomo Matomo 0.4.4
Matomo Matomo 0.1.3
Matomo Matomo 0.2.20
Matomo Matomo 0.2.33
Matomo Matomo 0.6.4
Matomo Matomo 0.1.10
Matomo Matomo 0.1.7
Matomo Matomo 0.6.1
Matomo Matomo 0.6
Matomo Matomo 0.1.1
Matomo Matomo 0.5.5
Matomo Matomo 0.2.31
VMScore: 383
CVE-2011-0004
Multiple cross-site scripting (XSS) vulnerabilities in Piwik prior to 1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Matomo Matomo 0.2.29
Matomo Matomo 0.2.26
Matomo Matomo 0.2.25
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.4.5
Matomo Matomo 0.4.4
Matomo Matomo 0.1.3
Matomo Matomo 0.2.20
Matomo Matomo 0.2.33
Matomo Matomo 0.6.4
Matomo Matomo 0.1.10
Matomo Matomo 0.1.7
Matomo Matomo 0.6.1
Matomo Matomo 0.6
Matomo Matomo 0.1.1
Matomo Matomo 0.5.5
Matomo Matomo 0.2.31
Matomo Matomo 0.2.32
Matomo Matomo 0.2.17