matomo matomo 0.2.31 vulnerabilities and exploits
NA
CVE-2009-1085
Piwik 0.2.32 and previous versions store sensitive information under the web root with insufficient access control, which allows remote malicious users to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh.
Matomo Matomo 0.2.25
Matomo Matomo 0.2.26
Matomo Matomo 0.2.27
Matomo Matomo 0.2.28
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo
NA
CVE-2009-4137
The loadContentFromCookie function in core/Cookie.php in Piwik prior to 0.5 does not validate strings obtained from cookies before calling the unserialize function, which allows remote malicious users to execute arbitrary code or upload arbitrary files via vectors related to the ...
Matomo Matomo 0.2.25
Matomo Matomo 0.2.26
Matomo Matomo 0.2.27
Matomo Matomo 0.2.28
Matomo Matomo 0.2.29
Matomo Matomo 0.2.30
Matomo Matomo 0.2.31
Matomo Matomo 0.2.32
NA
CVE-2010-1453
Cross-site scripting (XSS) vulnerability in the Login form in Piwik 0.1.6 up to and including 0.5.5 allows remote malicious users to inject arbitrary web script or HTML via the form_url parameter.
Piwik Piwik 0.5.5
Matomo Matomo 0.1.6
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.2.3
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.2.6
Matomo Matomo 0.2.7
Matomo Matomo 0.2.8
Matomo Matomo 0.2.9
Matomo Matomo 0.2.10
Matomo Matomo 0.2.11
Matomo Matomo 0.2.12
Matomo Matomo 0.2.13
Matomo Matomo 0.2.14
Matomo Matomo 0.2.16
Matomo Matomo 0.2.17
1 EDB exploit
NA
CVE-2011-0004
Multiple cross-site scripting (XSS) vulnerabilities in Piwik prior to 1.1 allow remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Matomo Matomo 0.1
Matomo Matomo 0.1.1
Matomo Matomo 0.1.2
Matomo Matomo 0.1.3
Matomo Matomo 0.1.4
Matomo Matomo 0.1.5
Matomo Matomo 0.1.6
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.2.3
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.2.6
Matomo Matomo 0.2.7
Matomo Matomo 0.2.8
Matomo Matomo 0.2.9
Matomo Matomo 0.2.10
Matomo Matomo 0.2.11
NA
CVE-2011-0398
The Piwik_Common::getIP function in Piwik prior to 1.1 does not properly determine the client IP address, which allows remote malicious users to bypass intended geolocation and logging functionality via (1) use of a private (aka RFC 1918) address behind a proxy server or (2) spoo...
Matomo Matomo 0.1
Matomo Matomo 0.1.1
Matomo Matomo 0.1.2
Matomo Matomo 0.1.3
Matomo Matomo 0.1.4
Matomo Matomo 0.1.5
Matomo Matomo 0.1.6
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.2.3
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.2.6
Matomo Matomo 0.2.7
Matomo Matomo 0.2.8
Matomo Matomo 0.2.9
Matomo Matomo 0.2.10
Matomo Matomo 0.2.11
NA
CVE-2011-0399
Piwik prior to 1.1 does not prevent the rendering of the login form inside a frame in a third-party HTML document, which makes it easier for remote malicious users to conduct clickjacking attacks via a crafted web site.
Matomo Matomo 0.1
Matomo Matomo 0.1.1
Matomo Matomo 0.1.2
Matomo Matomo 0.1.3
Matomo Matomo 0.1.4
Matomo Matomo 0.1.5
Matomo Matomo 0.1.6
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.2.3
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.2.6
Matomo Matomo 0.2.7
Matomo Matomo 0.2.8
Matomo Matomo 0.2.9
Matomo Matomo 0.2.10
Matomo Matomo 0.2.11
NA
CVE-2011-0400
Cookie.php in Piwik prior to 1.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Matomo Matomo 0.1
Matomo Matomo 0.1.1
Matomo Matomo 0.1.2
Matomo Matomo 0.1.3
Matomo Matomo 0.1.4
Matomo Matomo 0.1.5
Matomo Matomo 0.1.6
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.2.3
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.2.6
Matomo Matomo 0.2.7
Matomo Matomo 0.2.8
Matomo Matomo 0.2.9
Matomo Matomo 0.2.10
Matomo Matomo 0.2.11
NA
CVE-2011-0401
Piwik prior to 1.1 does not properly limit the number of files stored under tmp/sessions/, which might allow remote malicious users to cause a denial of service (inode consumption) by establishing many sessions.
Matomo Matomo 0.1
Matomo Matomo 0.1.1
Matomo Matomo 0.1.2
Matomo Matomo 0.1.3
Matomo Matomo 0.1.4
Matomo Matomo 0.1.5
Matomo Matomo 0.1.6
Matomo Matomo 0.1.7
Matomo Matomo 0.1.8
Matomo Matomo 0.1.9
Matomo Matomo 0.1.10
Matomo Matomo 0.2.1
Matomo Matomo 0.2.2
Matomo Matomo 0.2.3
Matomo Matomo 0.2.4
Matomo Matomo 0.2.5
Matomo Matomo 0.2.6
Matomo Matomo 0.2.7
Matomo Matomo 0.2.8
Matomo Matomo 0.2.9
Matomo Matomo 0.2.10
Matomo Matomo 0.2.11