CVE-2011-2151 Information

Description

The (1) Admin/frmEmailReportSettings.aspx (2) Admin/frmGeneralSettings.aspx (3) Admin/frmSite.aspx (4) Client/frmUser.aspx and (5) Login.aspx components in the SmarterTools SmarterStats 6.0 web server accept cleartext passwords which makes it easier for remote attackers to obtain sensitive information by sniffing the network.

Reference

http://www.kb.cert.org/vuls/id/240150 http://www.kb.cert.org/vuls/id/MORO-8GYQR4 http://xss.cx/examples/exploits/stored-reflected-xss-cwe79-smarterstats624100.html http://xss.cx/examples/smarterstats-60-oscommandinjection-directorytraversal-xml-sqlinjection.html.html https://exchange.xforce.ibmcloud.com/vulnerabilities/67831