Vulnerabilities related to openwebanalytics - open_web_analytics
CVE-2010-2676 (GCVE-0-2010-2676)
Vulnerability from cvelistv5
Published
2010-07-08 22:00
Modified
2024-08-07 02:39
CWE
- n/a
Summary
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
References
URL | Tags | |
---|---|---|
http://www.exploit-db.com/exploits/11903 | exploit, x_refsource_EXPLOIT-DB | |
http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt | x_refsource_MISC | |
http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm | x_refsource_MISC | |
http://www.openwebanalytics.com/?p=87 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57240 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:37.777Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11903", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "name": "owa-index-file-include(57240)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57240" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11903", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "name": "owa-index-file-include(57240)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57240" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2676", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11903", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11903" }, { "name": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "name": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm", "refsource": "MISC", "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "name": "http://www.openwebanalytics.com/?p=87", "refsource": "MISC", "url": "http://www.openwebanalytics.com/?p=87" }, { "name": "owa-index-file-include(57240)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57240" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2676", "datePublished": "2010-07-08T22:00:00", "dateReserved": "2010-07-08T00:00:00", "dateUpdated": "2024-08-07T02:39:37.777Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1457 (GCVE-0-2014-1457)
Vulnerability from cvelistv5
Published
2018-03-20 21:00
Modified
2024-08-06 09:42
CWE
- n/a
Summary
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
References
URL | Tags | |
---|---|---|
https://www.secureworks.com/research/swrx-2014-006 | x_refsource_MISC | |
http://www.openwebanalytics.com/?p=384 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/65573 | vdb-entry, x_refsource_BID | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91125 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.secureworks.com/research/swrx-2014-006" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "name": "65573", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65573" }, { "name": "owa-cve20141457-csrf(91125)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-20T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.secureworks.com/research/swrx-2014-006" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "name": "65573", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65573" }, { "name": "owa-cve20141457-csrf(91125)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1457", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.secureworks.com/research/swrx-2014-006", "refsource": "MISC", "url": "https://www.secureworks.com/research/swrx-2014-006" }, { "name": "http://www.openwebanalytics.com/?p=384", "refsource": "CONFIRM", "url": "http://www.openwebanalytics.com/?p=384" }, { "name": "65573", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65573" }, { "name": "owa-cve20141457-csrf(91125)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1457", "datePublished": "2018-03-20T21:00:00", "dateReserved": "2014-01-14T00:00:00", "dateUpdated": "2024-08-06T09:42:35.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1456 (GCVE-0-2014-1456)
Vulnerability from cvelistv5
Published
2014-02-28 17:00
Modified
2024-08-06 09:42
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/65571 | vdb-entry, x_refsource_BID | |
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004 | x_refsource_MISC | |
http://www.openwebanalytics.com/?p=384 | x_refsource_MISC | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/91124 | vdb-entry, x_refsource_XF | |
http://secunia.com/advisories/56885 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:42:35.454Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "65571", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/65571" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "name": "owa-cve20141456-xss(91124)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91124" }, { "name": "56885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56885" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-02-13T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "65571", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/65571" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "name": "owa-cve20141456-xss(91124)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91124" }, { "name": "56885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56885" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1456", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "65571", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65571" }, { "name": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004", "refsource": "MISC", "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" }, { "name": "http://www.openwebanalytics.com/?p=384", "refsource": "MISC", "url": "http://www.openwebanalytics.com/?p=384" }, { "name": "owa-cve20141456-xss(91124)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91124" }, { "name": "56885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56885" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1456", "datePublished": "2014-02-28T17:00:00", "dateReserved": "2014-01-14T00:00:00", "dateUpdated": "2024-08-06T09:42:35.454Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-2677 (GCVE-0-2010-2677)
Vulnerability from cvelistv5
Published
2010-07-08 22:00
Modified
2024-08-07 02:39
CWE
- n/a
Summary
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
References
URL | Tags | |
---|---|---|
http://www.openwebanalytics.com/?p=87 | x_refsource_CONFIRM | |
http://www.exploit-db.com/exploits/11903 | exploit, x_refsource_EXPLOIT-DB | |
http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt | x_refsource_MISC | |
http://secunia.com/advisories/39153 | third-party-advisory, x_refsource_SECUNIA | |
http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm | x_refsource_MISC | |
http://osvdb.org/63288 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/57241 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T02:39:38.025Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "name": "11903", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "name": "39153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/39153" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "name": "63288", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/63288" }, { "name": "owa-mwplugin-file-include(57241)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-03-27T00:00:00", "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "name": "11903", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "name": "39153", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/39153" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "name": "63288", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/63288" }, { "name": "owa-mwplugin-file-include(57241)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-2677", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.openwebanalytics.com/?p=87", "refsource": "CONFIRM", "url": "http://www.openwebanalytics.com/?p=87" }, { "name": "11903", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/11903" }, { "name": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "name": "39153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39153" }, { "name": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm", "refsource": "MISC", "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "name": "63288", "refsource": "OSVDB", "url": "http://osvdb.org/63288" }, { "name": "owa-mwplugin-file-include(57241)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-2677", "datePublished": "2010-07-08T22:00:00", "dateReserved": "2010-07-08T00:00:00", "dateUpdated": "2024-08-07T02:39:38.025Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-2294 (GCVE-0-2014-2294)
Vulnerability from cvelistv5
Published
2018-04-17 19:00
Modified
2024-08-06 10:06
CWE
- n/a
Summary
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.
References
URL | Tags | |
---|---|---|
https://secuniaresearch.flexerasoftware.com/advisories/56999 | x_refsource_MISC | |
http://www.openwebanalytics.com/?p=388 | x_refsource_CONFIRM | |
https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/ | x_refsource_MISC | |
http://karmainsecurity.com/KIS-2014-03 | x_refsource_MISC | |
https://www.securityfocus.com/bid/66076 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:06:00.285Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/56999" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.openwebanalytics.com/?p=388" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://karmainsecurity.com/KIS-2014-03" }, { "name": "66076", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "https://www.securityfocus.com/bid/66076" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-04-17T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/56999" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.openwebanalytics.com/?p=388" }, { "tags": [ "x_refsource_MISC" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://karmainsecurity.com/KIS-2014-03" }, { "name": "66076", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "https://www.securityfocus.com/bid/66076" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2294", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://secuniaresearch.flexerasoftware.com/advisories/56999", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/advisories/56999" }, { "name": "http://www.openwebanalytics.com/?p=388", "refsource": "CONFIRM", "url": "http://www.openwebanalytics.com/?p=388" }, { "name": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/", "refsource": "MISC", "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/" }, { "name": "http://karmainsecurity.com/KIS-2014-03", "refsource": "MISC", "url": "http://karmainsecurity.com/KIS-2014-03" }, { "name": "66076", "refsource": "BID", "url": "https://www.securityfocus.com/bid/66076" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2294", "datePublished": "2018-04-17T19:00:00", "dateReserved": "2014-03-06T00:00:00", "dateUpdated": "2024-08-06T10:06:00.285Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-24637 (GCVE-0-2022-24637)
Vulnerability from cvelistv5
Published
2022-03-18 00:00
Modified
2024-08-03 04:13
CWE
- n/a
Summary
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with '<?php (instead of the intended "<?php sequence) aren't handled by the PHP interpreter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:13:56.966Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://devel0pment.de/?p=2494" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with \u0027\u003c?php (instead of the intended \"\u003c?php sequence) aren\u0027t handled by the PHP interpreter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-17T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://devel0pment.de/?p=2494" }, { "url": "https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4" }, { "url": "http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" }, { "url": "http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-24637", "datePublished": "2022-03-18T00:00:00", "dateReserved": "2022-02-07T00:00:00", "dateUpdated": "2024-08-03T04:13:56.966Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-1206 (GCVE-0-2014-1206)
Vulnerability from cvelistv5
Published
2014-01-15 16:00
Modified
2024-08-06 09:34
CWE
- n/a
Summary
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
References
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/64774 | vdb-entry, x_refsource_BID | |
http://www.exploit-db.com/exploits/31738 | exploit, x_refsource_EXPLOIT-DB | |
http://secunia.com/advisories/56350 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/archive/1/531105/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf | x_refsource_MISC | |
http://wiki.openwebanalytics.com/index.php?title=1.5.5 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:34:40.571Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "64774", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/64774" }, { "name": "31738", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "http://www.exploit-db.com/exploits/31738" }, { "name": "56350", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/56350" }, { "name": "20140214 [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/531105/100/0/threaded" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.openwebanalytics.com/index.php?title=1.5.5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-01-09T00:00:00", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "64774", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/64774" }, { "name": "31738", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "http://www.exploit-db.com/exploits/31738" }, { "name": "56350", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/56350" }, { "name": "20140214 [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/531105/100/0/threaded" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.openwebanalytics.com/index.php?title=1.5.5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-1206", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "64774", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64774" }, { "name": "31738", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/31738" }, { "name": "56350", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/56350" }, { "name": "20140214 [SWRX-2014-001] Open Web Analytics Pre-Auth SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/531105/100/0/threaded" }, { "name": "http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf", "refsource": "MISC", "url": "http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" }, { "name": "http://wiki.openwebanalytics.com/index.php?title=1.5.5", "refsource": "CONFIRM", "url": "http://wiki.openwebanalytics.com/index.php?title=1.5.5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-1206", "datePublished": "2014-01-15T16:00:00", "dateReserved": "2014-01-07T00:00:00", "dateUpdated": "2024-08-06T09:34:40.571Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2014-1457)
Published
2018-03-20 21:29
Modified
2024-11-21 02:04
Summary
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwebanalytics.com/?p=384 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/65573 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/91125 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.secureworks.com/research/swrx-2014-006 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwebanalytics.com/?p=384 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/65573 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/91125 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.secureworks.com/research/swrx-2014-006 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openwebanalytics | open_web_analytics | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F26EBF2-BCF3-425E-93D3-66E1D4FBDD75", "versionEndExcluding": "1.5.6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name." }, { "lang": "es", "value": "Open Web Analytics (OWA), en versiones anteriores a la 1.5.6, genera de manera incorrecta valores nonce aleatorios, lo que facilita que atacantes remotos omitan un mecanismo de protecci\u00f3n contra Cross-Site Request Forgery (CSRF) aprovechando el conocimiento de un nombre de usuario de OWA." } ], "id": "CVE-2014-1457", "lastModified": "2024-11-21T02:04:18.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", 
"type": "Primary" } ] }, "published": "2018-03-20T21:29:00.360", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65573" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.secureworks.com/research/swrx-2014-006" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/65573" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.secureworks.com/research/swrx-2014-006" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2022-24637)
Published
2022-03-18 16:15
Modified
2024-11-21 06:50
Summary
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with `'<?php` (instead of the intended `"<?php` sequence) aren't handled by the PHP interpreter, so their contents are returned to the requester instead of being executed.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openwebanalytics | open_web_analytics | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "34D304C0-2E79-46D2-A6D4-31B7B2436FC1", "versionEndExcluding": "1.7.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with \u0027\u003c?php (instead of the intended \"\u003c?php sequence) aren\u0027t handled by the PHP interpreter." }, { "lang": "es", "value": "Open Web Analytics (OWA) versiones anteriores a 1.7.4, permite a un atacante remoto no autenticado obtener informaci\u00f3n confidencial del usuario, que puede ser usada para alcanzar privilegios de administrador al aprovechar los hashes de la cach\u00e9. Esto ocurre porque los archivos generados con \"(?php (en lugar de la secuencia \"(?php\" prevista) no son manejados por el int\u00e9rprete de PHP" } ], "id": "CVE-2022-24637", "lastModified": "2024-11-21T06:50:46.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", 
"privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-18T16:15:08.450", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "url": "http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://devel0pment.de/?p=2494" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169811/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/171389/Open-Web-Analytics-1.7.3-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://devel0pment.de/?p=2494" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/Open-Web-Analytics/Open-Web-Analytics/releases/tag/1.7.4" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-2677)
Published
2010-07-08 22:30
Modified
2025-04-11 00:51
Summary
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openwebanalytics | open_web_analytics | 1.2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "00490E69-AB5A-4C79-889F-372C91F59EF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n de archivo PHP remoto en mw_plugin.php en Open Web Analytics (OWA) v1.2.3, cuando magic_quotes_gpc est\u00e1 deshabilitado y register_globals est\u00e1 habilitado, permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una URL en el par\u00e1metro de IP. NOTA: algunos de estos detalles han sido obtenidos de informaci\u00f3n de terceros." 
} ], "id": "CVE-2010-2677", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-07-08T22:30:01.547", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/63288" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39153" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/63288" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/39153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57241" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue was resolved in version 1.2.4. The solution is to upgrade to that version.", "lastModified": "2010-07-13T00:00:00", "organization": "openwebanalytics" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-2294)
Published
2018-04-17 19:29
Modified
2024-11-21 02:06
Summary
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openwebanalytics | open_web_analytics | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "B8E77576-F679-4624-A500-806211C535C1", "versionEndExcluding": "1.5.7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php." }, { "lang": "es", "value": "Open Web Analytics (OWA), en versiones anteriores a la 1.5.7, permite que atacantes remotos lleven a cabo ataques de inyecci\u00f3n de objetos PHP mediante un objeto serializado manipulado en el par\u00e1metro owa_event en queue.php." } ], "id": "CVE-2014-2294", "lastModified": "2024-11-21T02:06:01.417", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T19:29:00.217", "references": [ { "source": 
"cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://karmainsecurity.com/KIS-2014-03" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=388" }, { "source": "cve@mitre.org", "tags": [ "Permissions Required" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/56999" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.securityfocus.com/bid/66076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://karmainsecurity.com/KIS-2014-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Release Notes", "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=388" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://secuniaresearch.flexerasoftware.com/advisories/56999" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://secuniaresearch.flexerasoftware.com/secunia_research/2014-3/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.securityfocus.com/bid/66076" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-74" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2010-2676)
Published
2010-07-08 22:30
Modified
2025-04-11 00:51
Summary
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
openwebanalytics | open_web_analytics | 1.2.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "00490E69-AB5A-4C79-889F-372C91F59EF2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de salto de directorio en index.php en Open Web Analytics (OWA) v1.2.3 podr\u00eda permitir a atacantes remotos leer ficheros arbitrarios mediante secuencias de salto de directorio en los par\u00e1metros (1) owa_action y (2) owa_do." } ], "id": "CVE-2010-2676", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-07-08T22:30:01.517", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": 
"http://www.openwebanalytics.com/?p=87" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57240" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.org/1003-exploits/owa123-lfirfi.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.ITSecTeam.com/en/vulnerabilities/vulnerability26.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.exploit-db.com/exploits/11903" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=87" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/57240" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2014-1456)
Published
2014-03-01 00:01
Modified
2025-04-12 10:46
Summary
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "01A493B3-879C-4289-9437-B5106E070E3A", "versionEndIncluding": "1.5.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FA1232F-39EF-484F-9D26-8BB475502BAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BBD26AC-FDC7-4975-9C60-25B2697B48A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D535F257-B30A-4FDC-9AE7-AC6A485C787B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "87F7951F-8765-4483-94CB-C1716D311B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8CCBCBA7-57EE-4032-B51B-5D9E16E9113D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "16BB3521-7D77-4845-900D-0C11B6F7A691", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB90903F-B3B6-4804-8008-BAE7C14B6A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2868DA9F-76D7-4A6F-97D5-D4CDB563F850", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D638AB9B-5872-4201-B269-0E4E9E387020", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "CFE41E78-8325-4EC2-9AC3-71457AE1F3D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"894B5A8B-50D3-46AE-BCB7-3AD8D03C0E6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:rc3:*:*:*:*:*:*", "matchCriteriaId": "43858C32-A9A1-4A3B-AF79-1AAF0D98B141", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:rc4:*:*:*:*:*:*", "matchCriteriaId": "ED4FB140-0116-4336-BE72-79A6E8023941", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:rc5:*:*:*:*:*:*", "matchCriteriaId": "8C1A2B48-0DC9-48DA-84D4-F736DF90AD69", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "7E64136A-FB4F-4B28-93E5-132AA960844C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2CB3E0E0-74E9-4654-B8C9-E1F1E7B91C5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "94142965-9AB0-4D09-BD4C-0F0418CA1825", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1003183A-A393-4815-9934-6DEC5F23D857", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DD725504-B359-4C93-88E9-D2CB96E4EFB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "13229169-37DE-4C0E-8D8F-9F22D8B56BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "76D627EB-DC2F-4666-AFEE-9528D0EBC600", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8357C090-C3ED-456C-B82B-958A374D3574", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"5F307A6C-FA18-469D-ADD9-8F2E9768E03A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2A8C8FDD-6145-4253-87CD-B5E0FD2052D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "07FAE334-9266-4C10-B1F7-1E70F40B11C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "824C0DA9-1FFE-42C9-8AEB-BC94989ED0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA9906BA-F6CF-4D5A-A4EB-5A67808DF0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "00490E69-AB5A-4C79-889F-372C91F59EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "01C62DCC-F712-416A-A169-C15EF957CF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4EAF00F-79B7-4D4D-8B7D-7430B20931EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D37E3D74-B876-4841-8945-C21BEA0E4BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "09296649-7E7D-4CC2-8902-ACA9C16C2865", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0838206-8282-4CD5-AD9D-C56D1220B8C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E6AC1D42-B5AE-4BFD-BB05-816C07B5852D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"016E1B4D-D65C-48D8-853A-69484AFFFB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "FE6A767E-FC32-473C-AABA-0E49AF133623", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "794B440C-A3FC-4267-86CE-779F566ADBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0F8970A-E4C6-46AF-BFD2-DCEEBF591AD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7E5B04E-566B-4F4C-954B-4BA92529AAAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADB023FC-C55C-46D9-B9BF-3AF720AFA483", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "F8FF068B-6502-426F-8E07-BBC0A6D19410", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "FC2DCB56-0914-4CDA-9B17-7E0D66B3BA32", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "06E645A9-8E83-49B6-8275-5C7D1AE3C453", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6913C56E-8B0D-42D4-977C-FA4D318C6FCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AA2EC3C-197B-4314-96C3-3857E9DE401D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.4:*:*:*:*:*:*:*", "matchCriteriaId": "2AFE5201-BD27-4C04-8380-053F3FE6EAB6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site 
scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php." }, { "lang": "es", "value": "Vulnerabilidad de XSS en la p\u00e1gina de inicio de sesi\u00f3n en Open Web Analytics (OWA) anterior a 1.5.6 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro owa_user_id hacia index.php." } ], "id": "CVE-2014-1456", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-01T00:01:07.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56885" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "source": "cve@mitre.org", "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/65571" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.openwebanalytics.com/?p=384" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2014-004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/65571" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/91124" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-01-15 16:08
Modified
2025-04-11 00:51
Summary
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "C5A2E7D7-0441-4181-934A-61C85AC46B26", "versionEndIncluding": "1.5.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "3FA1232F-39EF-484F-9D26-8BB475502BAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "9BBD26AC-FDC7-4975-9C60-25B2697B48A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "D535F257-B30A-4FDC-9AE7-AC6A485C787B", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "87F7951F-8765-4483-94CB-C1716D311B04", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "8CCBCBA7-57EE-4032-B51B-5D9E16E9113D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "16BB3521-7D77-4845-900D-0C11B6F7A691", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB90903F-B3B6-4804-8008-BAE7C14B6A12", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "2868DA9F-76D7-4A6F-97D5-D4CDB563F850", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "D638AB9B-5872-4201-B269-0E4E9E387020", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2CB3E0E0-74E9-4654-B8C9-E1F1E7B91C5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"94142965-9AB0-4D09-BD4C-0F0418CA1825", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "1003183A-A393-4815-9934-6DEC5F23D857", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "DD725504-B359-4C93-88E9-D2CB96E4EFB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "13229169-37DE-4C0E-8D8F-9F22D8B56BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "76D627EB-DC2F-4666-AFEE-9528D0EBC600", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "8357C090-C3ED-456C-B82B-958A374D3574", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "5F307A6C-FA18-469D-ADD9-8F2E9768E03A", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "2A8C8FDD-6145-4253-87CD-B5E0FD2052D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "07FAE334-9266-4C10-B1F7-1E70F40B11C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "824C0DA9-1FFE-42C9-8AEB-BC94989ED0BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "DA9906BA-F6CF-4D5A-A4EB-5A67808DF0AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "00490E69-AB5A-4C79-889F-372C91F59EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"01C62DCC-F712-416A-A169-C15EF957CF35", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B4EAF00F-79B7-4D4D-8B7D-7430B20931EE", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "D37E3D74-B876-4841-8945-C21BEA0E4BB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "09296649-7E7D-4CC2-8902-ACA9C16C2865", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0838206-8282-4CD5-AD9D-C56D1220B8C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "E6AC1D42-B5AE-4BFD-BB05-816C07B5852D", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "016E1B4D-D65C-48D8-853A-69484AFFFB7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "FE6A767E-FC32-473C-AABA-0E49AF133623", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "794B440C-A3FC-4267-86CE-779F566ADBAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D0F8970A-E4C6-46AF-BFD2-DCEEBF591AD4", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7E5B04E-566B-4F4C-954B-4BA92529AAAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "ADB023FC-C55C-46D9-B9BF-3AF720AFA483", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc2:*:*:*:*:*:*", "matchCriteriaId": 
"F8FF068B-6502-426F-8E07-BBC0A6D19410", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "FC2DCB56-0914-4CDA-9B17-7E0D66B3BA32", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "06E645A9-8E83-49B6-8275-5C7D1AE3C453", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "6913C56E-8B0D-42D4-977C-FA4D318C6FCD", "vulnerable": true }, { "criteria": "cpe:2.3:a:openwebanalytics:open_web_analytics:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AA2EC3C-197B-4314-96C3-3857E9DE401D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php." }, { "lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la p\u00e1gina de reseteo de password de Open Web Analytics (OWA) anteriores a 1.5.5 permite a atacantes remotos ejecutar comandos SQL de forma arbitraria a trav\u00e9s del par\u00e1metro owa_email_address en una acci\u00f3n base.passwordResetRequest en index.php." 
} ], "id": "CVE-2014-1206", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-01-15T16:08:18.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56350" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://wiki.openwebanalytics.com/index.php?title=1.5.5" }, { "source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/31738" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/531105/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/64774" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/56350" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://wiki.openwebanalytics.com/index.php?title=1.5.5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.exploit-db.com/exploits/31738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.secureworks.com/advisories/SWRX-2014-001/SWRX-2014-001.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/531105/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/64774" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-89" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }