659 matches found
CVE-2025-49890 WordPress Organic Beauty Theme <= 1.4.6 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in ThemeREX Organic Beauty organic-beauty allows Object Injection.This issue affects Organic Beauty: from n/a through = 1.4.6...
PT-2025-33958 · Jorge Garcia De Bustos · Awstats Script
Name of the Vulnerable Software and Affected Versions: AWStats Script versions n/a through 0.3 Description: An improper neutralization of input during web page generation issue, specifically a Stored Cross-site Scripting XSS flaw, exists in Jorge Garcia de Bustos AWStats Script. This allows for t...
WordPress plugin AWStats Script 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress AWStats Script plugin <= 0.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Nabil Irawan Patchstack Alliance in WordPress Plugin AWStats Script versions = 0.3...
CVE-2018-20912
cPanel before 70.0.23 allows demo accounts to execute code via awstats SEC-362...
CVE-2010-4368
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname...
CVE-2009-5020
Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...
Fedora 37 : awstats (2023-b645c7feda)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b645c7feda advisory. Security fix for CVE-2022-46391 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
USN-5899-1: AWStats vulnerability
It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...
USN-5899-1 awstats vulnerability
It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting XSS attacks...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : AWStats vulnerability (USN-5899-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5899-1 advisory. It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker...
SUSE CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
SUSE CVE-2005-0362
awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...
SUSE CVE-2005-0363
awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...
SUSE CVE-2005-0436
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...
SUSE CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
SUSE CVE-2006-1945
Cross-site scripting XSS vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...
SUSE CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
SUSE CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
SUSE CVE-2006-3682
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the 1 year, 2 pluginmode or 3 month parameters...