Vulmon
smartertools smarterstats 6.0 vulnerabilities and exploits
NA
CVE-2011-2148
Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote malicious users to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingT...
Smartertools Smarterstats 6.0
NA
CVE-2011-2149
Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote malicious users to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx...
Smartertools Smarterstats 6.0
NA
CVE-2011-2150
The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote malicious users to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a Si...
Smartertools Smarterstats 6.0
NA
CVE-2011-2151
The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote malicious user...
Smartertools Smarterstats 6.0
NA
CVE-2011-2152
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote malicious users to obtain sensiti...
Smartertools Smarterstats 6.0
NA
CVE-2011-2153
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent malicious users to discover credentials by reading (1) web-server access logs, (2) web-server Refere...
Smartertools Smarterstats 6.0
NA
CVE-2011-2154
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote malicious users to obtain potentially sensitive information via script access to this cookie.
Smartertools Smarterstats 6.0
NA
CVE-2011-2155
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote malicious users to bypass authentication by leveraging an unattended workstation.
Smartertools Smarterstats 6.0
NA
CVE-2011-2157
The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote malicious users to obtain potentially sensitive information by reading th...
Smartertools Smarterstats 6.0
NA
CVE-2011-2158
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote malicious users to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) ...
Smartertools Smarterstats 6.0