659 matches found
DEBIAN-CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats CVE-2006-2644 affects AWStats 6.5 (and possibly other versions) via the configdir parameter in awstats.pl. The root cause is lack of sanitization for the configdir parameter, allowing a remote authenticated user to upload a configuration file with shell metacharacters and then access it t...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
Update Protection against AWStats "migrate" Shell Command Injection
AWStats is an open source web analystic reporting tool, suitable for analyzing data from internet services. A vulnerability has been identified in AWStats due to improper validation of user input. The vulnerability may be exploited by attackers to execute arbitrary commands. July 5, 2006On July 5...
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1075-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1075-1 [email protected] http://www.debian.org/security/ Martin Schulze May 26th, 2006 http://www.debian.org/security/faq -...
DSA-1075-1 awstats - programming error
Bulletin has no description...
USN-285-1: awstats vulnerability
AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static...
Ubuntu 5.04 / 5.10 : awstats vulnerability (USN-285-1)
AWStats did not properly sanitize the 'migrate' CGI parameter. If the update of the stats via web front-end is allowed, a remote attacker could execute arbitrary commands on the server with the privileges of the AWStats server. This does not affect AWStats installations which only build static...
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1058-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1058-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2006 http://www.debian.org/security/faq -...
DSA-1058-1 awstats - missing input sanitising
Bulletin has no description...
FreeBSD : awstats -- arbitrary command execution vulnerability (2df297a2-dc74-11da-a22b-000c6ec775d9)
OS Reviews reports : If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character '|' leads to an insecure call to Perl's open function an...
FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)
An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...
AWStats migrate parameter command injection
Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...
AWStats migrate parameter command injection
Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...
AWStats migrate parameter command injection
Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...
AWStats migrate parameter command injection
Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...