659 matches found
AWStats 6.8 - 'AWStats.pl' Cross-Site Scripting
source: https://www.securityfocus.com/bid/30730/info AWStats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the...
AWStats 6.8 - AWStats.pl Cross-Site Scripting
source: https://www.securityfocus.com/bid/30730/info AWStats is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code ...
awstats -- multiple XSS vulnerabilities
Secunia reports: Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary...
Debian Security Advisory DSA 1075-1 (awstats)
The remote host is missing an update to awstats announced via advisory DSA 1075-1. Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DS...
Debian Security Advisory DSA 1058-1 (awstats)
The remote host is missing an update to awstats announced via advisory DSA 1058-1. Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands. The old stable distribution woody is not affected b...
Debian Security Advisory DSA 682-1 (awstats)
The remote host is missing an update to awstats announced via advisory DSA 682-1.
Debian Security Advisory DSA 892-1 (awstats)
The remote host is missing an update to awstats announced via advisory DSA 892-1. Peter Vreugdenhil discovered that awstats, a featureful web server log analyser, passes user-supplied data to an eval function, allowing remote attackers to execute arbitrary Perl commands. The old stable distributi...
Debian: Security Advisory (DSA-682-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-1075-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-892-1)
The remote host is missing an update for the Debian...
Debian: Security Advisory (DSA-1058-1)
The remote host is missing an update for the Debian...
Ubuntu 5.04 / 5.10 / 6.06 LTS : awstats vulnerabilities (USN-360-1)
awstats did not fully sanitize input, which was passed directly to the user's browser, allowing for an XSS attack. If a user was tricked into following a specially crafted awstats URL, the user's authentication information could be exposed for the domain where awstats was hosted. CVE-2006-3681...
Ubuntu 5.04 / 5.10 / 6.06 LTS : awstats vulnerability (USN-290-1)
Hendrik Weimer discovered a privilege escalation vulnerability in awstats. By supplying the 'configdir' CGI parameter and setting it to an attacker-controlled directory such as an FTP account, /tmp, or similar, an attacker could execute arbitrary shell commands with the privileges of the web serv...
openSUSE 10 Security Update : awstats (awstats-1612)
This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. 173041 -...
AWStats is Openly Accessible
The remote web server is running a version of AWStats that seems to be accessible to the entire Internet. Exposing AWStats unprotected to the entire Internet can aid an attacker in gaining further knowledge of the web server and its contents therein. An attacker may gain access to administrative...
AWStats configdir Remote Command Execution
This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
Debian DSA-1075-1 : awstats - programming error
Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DSA 1058 accidentally, it was not fixed yet. The new default behaviour is not to acce...
Debian DSA-892-1 : awstats - missing input sanitising
Peter Vreugdenhil discovered that awstats, a featureful web server log analyser, passes user-supplied data to an eval function, allowing remote attackers to execute arbitrary Perl commands.
Debian DSA-1058-1 : awstats - missing input sanitising
Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands.
USN-360-1: awstats vulnerabilities
awstats did not fully sanitize input, which was passed directly to the user's browser, allowing for an XSS attack. If a user was tricked into following a specially crafted awstats URL, the user's authentication information could be exposed for the domain where awstats was hosted. CVE-2006-3681...