Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Openwebanalytics Subscribe
Filtered by product Open Web Analytics

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-1206 1 Openwebanalytics 1 Open Web Analytics 2018-10-09 7.5 HIGH N/A
SQL injection vulnerability in the password reset page in Open Web Analytics (OWA) before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the owa_email_address parameter in a base.passwordResetRequest action to index.php.
CVE-2014-2294 1 Openwebanalytics 1 Open Web Analytics 2018-05-22 7.5 HIGH 9.8 CRITICAL
Open Web Analytics (OWA) before 1.5.7 allows remote attackers to conduct PHP object injection attacks via a crafted serialized object in the owa_event parameter to queue.php.
CVE-2014-1457 1 Openwebanalytics 1 Open Web Analytics 2018-04-17 6.8 MEDIUM 8.8 HIGH
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user name.
CVE-2014-1456 1 Openwebanalytics 1 Open Web Analytics 2017-08-29 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in the login page in Open Web Analytics (OWA) before 1.5.6 allows remote attackers to inject arbitrary web script or HTML via the owa_user_id parameter to index.php.
CVE-2010-2676 1 Openwebanalytics 1 Open Web Analytics 2017-08-17 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in index.php in Open Web Analytics (OWA) 1.2.3 might allow remote attackers to read arbitrary files via directory traversal sequences in the (1) owa_action and (2) owa_do parameters.
CVE-2010-2677 1 Openwebanalytics 1 Open Web Analytics 2017-08-17 5.1 MEDIUM N/A
PHP remote file inclusion vulnerability in mw_plugin.php in Open Web Analytics (OWA) 1.2.3, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter. NOTE: some of these details are obtained from third party information.