UBUNTU-CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

awstats -- remote code execution

Mitre reports: Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

Nextcloud: Design Issues on ( ███ ) Lead to show ( IPS of Users )

Hello , I know this Domain is maybe out of scope But it Connected to the main Website I have see it Cashable the Download IPS for Users Status. As I saw that You active statics awstats That show me Full access to Status on the website . POC...

AWStats Totals awstatstotals.php sort Parameter Code Execution (CVE-2008-3922)

A code execution vulnerability has been reported in AWStats Totals. The vulnerability is due to insufficient sanitization of the "sort" parameter in the "awstatstotals.php". A remote attacker could exploit this vulnerability by dynamically creating an anonymous PHP function...

Vulnerabilities in the OpenSUSE operating system that allow malicious actors to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the awstats package of the OpenSUSE operating system can lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

AWStats Plugin Multiple Remote Command Execution (CVE-2005-0363)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

AWStats configdir Parameter Remote Command Execution (CVE-2005-0116; CVE-2005-0362)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

AWStats 5.7 - 6.2 - Multiple Remote Exploit

No description provided by source. / AWStats v5.7 - v6.2 sileAWSxpl This exploit utilize three methods for exploiter the vulnerability found on AWStats software. an user can execute remote code on vulnerable machine, with httpd privileges. References: www.securityfocus.org/bid/12543 coded by:...

AWStats 5.x/6.x Logfile Parameter Remote Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12572/info AWStats is reported prone to a remote arbitrary command-execution vulnerability. This issue occurs because the application fails to properly sanitize user-supplied data. Specifically, the user-specified 'logfil...

AWStats 6.2-6.1 - configdir Command Injection

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

AWStats (5.0-6.3) Input Validation Hole in 'logfile'

No description provided by source. Example: http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&log file=/etc/passwd...

AWStats (6.1-6.2) configdir Remote Command Execution

No description provided by source. $Id: awstatsconfigdirexec.rb 7970 2009-12-26 03:31:20Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

AWStats Totals <= 1.14 multisort - Remote Command Execution

No description provided by source. $Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing an...

AWStats 6.4-6.5 - AllowToUpdateStatsFromBrowser Command Injection

No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...

AwStats <= 6.4 - Denial of Service

No description provided by source. !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

AWStats 4.0/5.x/6.x AWstats.PL Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/17621/info AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

AWStats 6.8 'awstats.pl' Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/30730/info AWStats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the brows...

AWStats 5.7 - 6.2 - Multiple Remote Exploit (extra)

No description provided by source. / Awstats exploit shell code by omin0us omin0us208 at gmail dot com dtors security group .: http://dtors.ath.cx :. Vulnerability reported by iDEFENSE pluginmode bug has been found by GHC team. The awstats exploit that was discovered allows a user to execute...

AWStats 5.x/6.x Debug Remote Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12545/info A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to...