Vulnerabilities > Smartertools

DATE CVE VULNERABILITY TITLE RISK
2011-12-16 CVE-2011-4751 Information Exposure vulnerability in Smartertools Smarterstats 6.2.4100
SmarterTools SmarterStats 6.2.4100 generates web pages containing external links in response to GET requests with query strings for frmGettingStarted.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (1) web-server access logs or (2) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
network
low complexity
smartertools CWE-200
5.0
2011-12-16 CVE-2011-4750 Cross-Site Scripting vulnerability in Smartertools Smarterstats 6.2.4100
Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools SmarterStats 6.2.4100 allow remote attackers to inject arbitrary web script or HTML via crafted input to a PHP script, as demonstrated by Default.aspx and certain other files.
4.3
2011-05-20 CVE-2011-2159 Unspecified vulnerability in Smartertools Smarterstats 6.0
The SmarterTools SmarterStats 6.0 web server omits the Content-Type header for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/Defaults/frmDefaultSiteSettings.aspx, (2) Admin/Defaults/frmServerDefaults.aspx, (3) Admin/frmReportSettings.aspx, (4) Admin/frmSite.aspx, (5) App_Themes/Default/ButtonBarIcons.xml, (6) App_Themes/Default/Skin.xml, (7) Client/frmImportSettings.aspx, (8) Client/frmSeoSettings.aspx, (9) Services/Web.config, (10) aspnet_client/system_web/4_0_30319/, (11) clientaccesspolicy.xml, (12) cloudscan.exe, (13) crossdomain.xml, or (14) sitemap.xml.
network
low complexity
smartertools
critical
10.0
2011-05-20 CVE-2011-2158 Unspecified vulnerability in Smartertools Smarterstats 6.0
The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) Admin/frmSites.aspx, (3) Admin/frmViewReports.aspx, (4) App_Themes/AboutThisFolder.txt, (5) Client/frmViewReports.aspx, (6) Temp/AboutThisFolder.txt, (7) default.aspx, (8) login.aspx, or (9) certain .jpg URIs under Temp/.
network
low complexity
smartertools
critical
10.0
2011-05-20 CVE-2011-2157 Permissions, Privileges, and Access Controls vulnerability in Smartertools Smarterstats 6.0
The (1) Admin/frmEmailReportSettings.aspx and (2) Admin/frmGeneralSettings.aspx components in the SmarterTools SmarterStats 6.0 web server generate web pages containing e-mail addresses, which allows remote attackers to obtain potentially sensitive information by reading the default values of form fields.
network
low complexity
smartertools CWE-264
5.0
2011-05-20 CVE-2011-2156 Information Exposure vulnerability in Smartertools Smarterstats 6.0
The SmarterTools SmarterStats 6.0 web server allows remote attackers to obtain directory listings via a direct request for the (1) Admin/, (2) Admin/Defaults/, (3) Admin/GettingStarted/, (4) Admin/Popups/, (5) App_Themes/, (6) Client/, (7) Client/Popups/, (8) Services/, (9) Temp/, (10) UserControls/, (11) UserControls/PanelBarTemplates/, (12) UserControls/Popups/, (13) aspnet_client/, or (14) aspnet_client/system_web/ directory name, or (15) certain directory names under App_Themes/Default/.
network
low complexity
smartertools CWE-200
5.0
2011-05-20 CVE-2011-2155 Improper Authentication vulnerability in Smartertools Smarterstats 6.0
Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ctl00$MPH$txtPassword password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation.
network
low complexity
smartertools CWE-287
7.5
2011-05-20 CVE-2011-2154 Information Exposure vulnerability in Smartertools Smarterstats 6.0
login.aspx in the SmarterTools SmarterStats 6.0 web server does not include the HTTPOnly flag in a Set-Cookie header for the loginsettings cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.
network
low complexity
smartertools CWE-200
5.0
2011-05-20 CVE-2011-2153 Information Exposure vulnerability in Smartertools Smarterstats 6.0
Login.aspx in the SmarterTools SmarterStats 6.0 web server supports URLs containing txtUser and txtPass parameters in the query string, which makes it easier for context-dependent attackers to discover credentials by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history, related to a "cross-domain Referer leakage" issue.
network
low complexity
smartertools CWE-200
5.0
2011-05-20 CVE-2011-2152 Information Exposure vulnerability in Smartertools Smarterstats 6.0
The SmarterTools SmarterStats 6.0 web server generates web pages containing external links in response to GET requests with query strings for (1) Client/frmViewReports.aspx or (2) UserControls/Popups/frmHelp.aspx, which makes it easier for remote attackers to obtain sensitive information by reading (a) web-server access logs or (b) web-server Referer logs, related to a "cross-domain Referer leakage" issue.
network
low complexity
smartertools CWE-200
5.0