MidnightBSD

Advisories for webtrends

CVE-1999-0916 LOW

WebTrends software stores account names and passwords in a file which does not have restricted access permissions.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
webtrends webtrends_security_analyzer v2.0
webtrends webtrends_log_analyzer v4.51
webtrends webtrends_for_firewalls v1.2
webtrends webtrends_enterprise_suite v3.5
webtrends webtrends_professional_suite v3.01

CVE-2001-0693 MEDIUM

WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
webtrends webtrends_enterprise_reporting_server_nt 3.5
webtrends webtrends_enterprise_reporting_server 3.1c

CVE-2002-0595 HIGH

Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
webtrends reporting_center 4.0d

CVE-2002-0596 MEDIUM

WebTrends Reporting Center 4.0d allows remote attackers to determine the real path of the web server via a GET request to get_od_toc.pl with an empty Profile parameter, which leaks the pathname in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
webtrends reporting_center 4.0d

CVE-2003-1583 MEDIUM

Cross-site scripting (XSS) vulnerability in WebTrends allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
webtrends webtrends_log_analyzer *

CVE-2004-2748 MEDIUM

viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
webtrends reporting_center 6.1a