The remote web server is hosting a PHP application that is vulnerable to multiple attack vectors.
The remote web server is hosting Piwik, a web analytics application written in PHP. Versions of Piwik earlier than 1.1.0 are potentially affected by multiple vulnerabilities : - A flaw exists in the 'Piwik_Common::getIP' function which fails to properly determine the client IP address. (Bug 457) - Piwik fails to prevent the login form from being framed in another website. (Bug 1679) - An unspecified flaw exists relating to Cookie.php's failure to set the secure flag for the session cookie in https sessions. (Bug 1795) - A denial-of-service vulnerability exists because Piwik fails to properly limit the number of files stored under '/tmp/sessions/' (Bug 1910) - An unspecified cross-site scripting vulnerability exists.