Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
openwebanalytics open web analytics vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2022-24637
Open Web Analytics (OWA) prior to 1.7.4 allows an unauthenticated remote malicious user to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended &q...
Openwebanalytics Open Web Analytics
1 EDB exploit
7 Github repositories
9.8
CVSSv3
CVE-2014-2294
Open Web Analytics (OWA) prior to 1.5.7 allows remote malicious users to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.
Openwebanalytics Open Web Analytics
8.8
CVSSv3
CVE-2014-1457
Open Web Analytics (OWA) prior to 1.5.6 improperly generates random nonce values, which makes it easier for remote malicious users to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
Openwebanalytics Open Web Analytics
NA
CVE-2014-1456
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) prior to 1.5.6 allows remote malicious users to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
Openwebanalytics Open Web Analytics 1.0.1
Openwebanalytics Open Web Analytics 1.0.2
Openwebanalytics Open Web Analytics 1.0.8
Openwebanalytics Open Web Analytics 1.1.0
Openwebanalytics Open Web Analytics 1.1.1
Openwebanalytics Open Web Analytics 1.2.2
Openwebanalytics Open Web Analytics 1.2.3
Openwebanalytics Open Web Analytics 1.4.0
Openwebanalytics Open Web Analytics 1.5.2
Openwebanalytics Open Web Analytics 1.5.3
Openwebanalytics Open Web Analytics 1.0.5
Openwebanalytics Open Web Analytics 1.0.6
Openwebanalytics Open Web Analytics 1.2.0
Openwebanalytics Open Web Analytics 1.3.0
Openwebanalytics Open Web Analytics 1.3.1
Openwebanalytics Open Web Analytics 1.5.0
Openwebanalytics Open Web Analytics 1.0.3
Openwebanalytics Open Web Analytics 1.0.4
Openwebanalytics Open Web Analytics 1.2.4
Openwebanalytics Open Web Analytics 1.4.1
Openwebanalytics Open Web Analytics 1.5.4
Openwebanalytics Open Web Analytics
NA
CVE-2014-1206
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) prior to 1.5.5 allows remote malicious users to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
Openwebanalytics Open Web Analytics 1.5.0
Openwebanalytics Open Web Analytics
Openwebanalytics Open Web Analytics 1.5.3
Openwebanalytics Open Web Analytics 1.4.1
Openwebanalytics Open Web Analytics 1.4.0
Openwebanalytics Open Web Analytics 1.3.0
Openwebanalytics Open Web Analytics 1.2.4
Openwebanalytics Open Web Analytics 1.5.2
Openwebanalytics Open Web Analytics 1.5.1
Openwebanalytics Open Web Analytics 1.2.3
Openwebanalytics Open Web Analytics 1.2.2
Openwebanalytics Open Web Analytics 1.1.0
Openwebanalytics Open Web Analytics 1.0.4
Openwebanalytics Open Web Analytics 1.0.3
Openwebanalytics Open Web Analytics 1.3.1
Openwebanalytics Open Web Analytics 1.2.1
Openwebanalytics Open Web Analytics 1.2.0
Openwebanalytics Open Web Analytics 1.0.8
Openwebanalytics Open Web Analytics 1.0.7
Openwebanalytics Open Web Analytics 1.0
Openwebanalytics Open Web Analytics 1.0.2
Openwebanalytics Open Web Analytics 1.0.1
1 EDB exploit
NA
CVE-2010-2677
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote malicious users to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details ar...
Openwebanalytics Open Web Analytics 1.2.3
1 EDB exploit
NA
CVE-2010-2676
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote malicious users to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
Openwebanalytics Open Web Analytics 1.2.3
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30043
camera
CVE-2023-40404
CVE-2024-2793
client side
CVE-2024-4469
CVE-2024-3565
CVE-2024-29825
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started