cbcvebase.

Smartertools Smarterstats vulnerabilities

17 known vulnerabilities affecting smartertools/smarterstats.

Total CVEs
17
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH2MEDIUM11

Vulnerabilities

Page 1 of 1
CVE-2017-14620P3MEDIUMCVSS 6.1PoCv11.3.63472017-09-30
CVE-2017-14620 [MEDIUM] CWE-79 CVE-2017-14620: SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
nvd
CVE-2011-2148P3CRITICALCVSS 10.0v6.02011-05-20
CVE-2011-2148 [CRITICAL] CWE-78 CVE-2011-2148: Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execut Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server allows remote attackers to execute arbitrary commands via vectors involving a leading and trailing & (ampersand) character, and (1) an STTTState cookie, (2) the ctl00%24MPH%24txtAdminNewPassword_SettingText parameter, (3) the ctl00%24MPH%24txtSmarterLogDirectory parameter, (4) the ctl
nvd
CVE-2011-2159P3CRITICALCVSS 10.0v6.02011-05-20
CVE-2011-2159 [CRITICAL] CVE-2011-2159: The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, wh The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.as
nvd
CVE-2011-2158P3CRITICALCVSS 10.0v6.02011-05-20
CVE-2011-2158 [CRITICAL] CVE-2011-2158: The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resour The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewRepo
nvd
CVE-2011-2149P3HIGHCVSS 7.5v6.02011-05-20
CVE-2011-2149 [HIGH] CWE-89 CVE-2011-2149: Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote Multiple SQL injection vulnerabilities in the SmarterTools SmarterStats 6.0 web server allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) Admin/frmSite.aspx, (2) Default.aspx, (3) Services/SiteAdmin.asmx, or (4) Client/frmViewReports.aspx; certain cookies to (5) Services/SiteAdmin.asmx or (6) login.aspx; the Referer HTT
nvd
CVE-2011-2155P3HIGHCVSS 7.5v6.02011-05-20
CVE-2011-2155 [HIGH] CWE-287 CVE-2011-2155: Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword passwor Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.
nvd
CVE-2011-4752P3CRITICALCVSS 10.0v6.2.41002011-12-16
CVE-2011-4752 [CRITICAL] CVE-2011-4752: SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving frmCustomReport.aspx and certain other files. NOTE: it is possible that only clients, not the SmarterStats product, could be affected by this issue.
nvd
CVE-2010-3425P4MEDIUMCVSS 4.3PoCv5.3v5.3.38192010-09-16
CVE-2010-3425 [MEDIUM] CWE-79 CVE-2010-3425: Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5. Cross-site scripting (XSS) vulnerability in UserControls/Popups/frmHelp.aspx in SmarterStats 5.3, 5.3.3819, and possibly other 5.3 versions, allows remote attackers to inject arbitrary web script or HTML via the url parameter.
nvd
CVE-2011-2156P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2156 [MEDIUM] CWE-200 CVE-2011-2156: The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings vi The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserCont
nvd
CVE-2011-2150P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2150 [MEDIUM] CWE-20 CVE-2011-2150: The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended The SmarterTools SmarterStats 6.0 web server does not properly validate string data that is intended for storage in an XML document, which allows remote attackers to cause a denial of service (parsing error and daemon pause) via vectors involving (1) certain cookies in a SiteInfoLookup action to Admin/frmSites.aspx, or certain (2) cookies or (3) parame
nvd
CVE-2011-2151P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2151 [MEDIUM] CWE-310 CVE-2011-2151: The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx The (1) Admin/frmEmailReportSettings.aspx, (2) Admin/frmGeneralSettings.aspx, (3) Admin/frmSite.aspx, (4) Client/frmUser.aspx, and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords, which makes it easier for remote attackers to obtain sensitive information by sniffing the network.
nvd
CVE-2011-2152P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2152 [MEDIUM] CWE-200 CVE-2011-2152: The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in respon The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer
nvd
CVE-2011-2157P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2157 [MEDIUM] CWE-264 CVE-2011-2157: The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the Sm The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields.
nvd
CVE-2011-2153P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2153 [MEDIUM] CWE-200 CVE-2011-2153: Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtP Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage"
nvd
CVE-2011-2154P4MEDIUMCVSS 5.0v6.02011-05-20
CVE-2011-2154 [MEDIUM] CWE-200 CVE-2011-2154: login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a S login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
nvd
CVE-2011-4751P4MEDIUMCVSS 5.0v6.2.41002011-12-16
CVE-2011-4751 [MEDIUM] CWE-200 CVE-2011-4751: SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
nvd
CVE-2011-4750P4MEDIUMCVSS 4.3v6.2.41002011-12-16
CVE-2011-4750 [MEDIUM] CWE-79 CVE-2011-4750: Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remo Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.
nvd
Smartertools Smarterstats vulnerabilities | cvebase