CVE-2010-4369

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory...

CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...

CVE-2010-4367

CVE-2010-4367 affects AWStats (awstats.cgi) prior to 7.0. The vulnerability arises because a configdir parameter in the URL can be used to reference a crafted configuration file located on a WebDAV or NFS server, enabling remote command execution. Other OpenVAS/NVD entries corroborate the same de...

CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...

CVE-2010-4369

CVE-2010-4369 covers a directory traversal vulnerability in AWStats prior to 7.0, exploitable by remote attackers through a crafted LoadPlugin directory. Public references in OpenVAS and Ubuntu advisories confirm the flaw and patch activity (USN-1047-1; MDVSA-2011:033). The NVD notes an impact as...

CVE-2009-5020

Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors...

CVE-2010-4369

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory...

AWStats 6.95 Command Execution

---------------------------------------------------------------------------- --------- www.ExploitDevelopment.com 2010-WEB-001 CERT VU870532 ---------------------------------------------------------------------------- --------- TITLE: AWStats 6.95 and Older Remote Command Execution When Installed...

Awstats < 7.0 Configuration File Remote Arbitrary Command Execution Vulnerability

Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

Awstats Configuration File Remote Arbitrary Command Execution Vulnerability

Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help...

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. An attacker can...

AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution

source: https://www.securityfocus.com/bid/45123/info Awstats is prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows. An attacker can exploit this vulnerability to execute arbitrary shell commands in the contex...

AWStats fails to properly handle "\\" when specifying a configuration file directory

Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...

AWStats 6.4 &lt; 6.5 - migrate Remote Command Execution (Metasploit)

$Id: awstatsmigrateexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

awstats -- arbitrary commands execution vulnerability

Awstats change log reports: Security fix Traverse directory of LoadPlugin Security fix Limit config to defined directory to avoid access to external config file via a nfs or webdav link...

AWStats 6.1 &lt; 6.2 - &#039;configdir&#039; Remote Command Execution (Metasploit)

$Id: awstatsconfigdirexec.rb 7970 2009-12-26 03:31:20Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

Fedora Core 11 FEDORA-2009-12457 (awstats)

The remote host is missing an update to awstats announced via advisory FEDORA-2009-12457. OpenVAS Vulnerability Test $Id: fcore200912457.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12457 awstats Authors: Thomas Reinke Copyright: Copyright c 2009...

Fedora Core 11 FEDORA-2009-12457 (awstats)

The remote host is missing an update to awstats announced via advisory FEDORA-2009-12457. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

Fedora Core 10 FEDORA-2009-12444 (awstats)

The remote host is missing an update to awstats announced via advisory FEDORA-2009-12444. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by t...

Fedora Core 10 FEDORA-2009-12444 (awstats)

The remote host is missing an update to awstats announced via advisory FEDORA-2009-12444. OpenVAS Vulnerability Test $Id: fcore200912444.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-12444 awstats Authors: Thomas Reinke Copyright: Copyright c 2009...