Webtrends
Products
10- 3 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0595 | 0.04 | — | 0.11 | Jun 18, 2002 | Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory. | |||
| CVE-2004-2748 | 0.03 | — | 0.05 | Dec 31, 2004 | viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | |||
| CVE-2001-0693 | 0.03 | — | 0.03 | Sep 20, 2001 | WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20). | |||
| CVE-2003-1583 | 0.00 | — | 0.01 | Feb 5, 2010 | Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||
| CVE-2002-0596 | 0.00 | — | 0.02 | Jun 18, 2002 | WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message. | |||
| CVE-1999-0916 | 0.00 | — | 0.00 | Jun 29, 1999 | WebTrends software stores account names and passwords in a file which does not have restricted access permissions. |
- CVE-2002-0595Jun 18, 2002risk 0.04cvss —epss 0.11
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
- CVE-2004-2748Dec 31, 2004risk 0.03cvss —epss 0.05
viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.
- CVE-2001-0693Sep 20, 2001risk 0.03cvss —epss 0.03
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).
- CVE-2003-1583Feb 5, 2010risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.
- CVE-2002-0596Jun 18, 2002risk 0.00cvss —epss 0.02
WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.
- CVE-1999-0916Jun 29, 1999risk 0.00cvss —epss 0.00
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.