CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2006/04/20 10:0 p.m.•24 views

CVE-2006-1945

5.5AI score0.03817EPSS

Exploits0References4

CVE•added 2006/04/20 10:0 p.m.•60 views

CVE-2006-1945

CVE-2006-1945 is an XSS vulnerability in AWStats 6.5 and earlier, affecting awstats.pl via the config parameter. An attacker could inject arbitrary web script or HTML. The description notes a possible correlation with CVE-2005-2732, but no explicit remediation details are provided in the document...

2.6CVSS5.5AI score0.03817EPSS

Exploits0References4Affected Software1

exploitpack•added 2006/04/19 12:0 a.m.•14 views

AWStats 4.05.x6.x - AWStats.pl Multiple Cross-Site Scripting Vulnerabilities

AWStats 4.05.x6.x - AWStats.pl Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/17621/info AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...

7AI score

securityvulns•added 2006/04/19 12:0 a.m.•38 views

AWStats 6.5 vuln.

AWStats 6.5 vuln. Vuln. discovered by : r0t Date: 18 april 2006 vendorlink:http://awstats.sourceforge.net affected versions:AWStats 6.5 build 1.857 and previous orginal advisory:http://pridels.blogspot.com/2006/04/awstats-65-vuln.html Vuln. Description: AWStats contains a flaw that allows a remot...

5.7AI score

Exploit DB•added 2006/04/19 12:0 a.m.•27 views

AWStats 4.0/5.x/6.x - AWStats.pl Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/17621/info AWStats is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in th...

7.4AI score

seebug.org•added 2006/02/17 12:0 a.m.•24 views

AWStats < 6.4 (referer) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl AWStats 6.4 command execution exploit based on http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities coded by 1dt.w0lf 11.08.2005 RST/GHC http://rst.void.ru http://ghc.ru Note Exploitation will not occur until the stats page...

7.1AI score

Exploit DB•added 2006/02/17 12:0 a.m.•60 views

AWStats < 6.4 - 'referer' Remote Command Execution

!/usr/bin/perl AWStats new or die; $req = HTTP::Request-newGET = $path; $req-refererqqhttp://'.system$FilterEx'refererpages'.'; $res = $aw-request$req; $aw = LWP::UserAgent-new or die; $res = $aw-get$path.'?output=refererpages&update=1'; while print "Type command for execute or 'q' for exit ";...

7.4AI score

exploitpack•added 2006/02/17 12:0 a.m.•18 views

AWStats 6.4 - referer Remote Command Execution

AWStats 6.4 - referer Remote Command Execution !/usr/bin/perl AWStats new or die; $req = HTTP::Request-newGET = $path; $req-refererqqhttp://'.system$FilterEx'refererpages'.'; $res = $aw-request$req; $aw = LWP::UserAgent-new or die; $res = $aw-get$path.'?output=refererpages&update=1'; while print...

0.4AI score

0day.today•added 2006/02/17 12:0 a.m.•52 views

AWStats < 6.4 (referer) Remote Command Execution Exploit

Exploit for cgi platform in category web applications ======================================================== AWStats new or die; $req = HTTP::Request-newGET = $path; $req-refererqqhttp://'.system$FilterEx'refererpages'.'; $res = $aw-request$req; $aw = LWP::UserAgent-new or die; $res =...

7.1AI score

Saint•added 2006/02/14 12:0 a.m.•28 views

AWStats configdir parameter command execution

Added: 02/14/2006 CVE: CVE-2005-0116 BID: 12298 OSVDB: 13002 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem Insufficient validation of the configdir parameter before being used in a PERL open call leads to remote command execution. Resolution...

Saint•added 2006/02/14 12:0 a.m.•54 views

AWStats configdir parameter command execution

Saint•added 2006/02/14 12:0 a.m.•40 views

AWStats configdir parameter command execution

Saint•added 2006/02/14 12:0 a.m.•34 views

AWStats configdir parameter command execution

Tenable Nessus•added 2006/01/15 12:0 a.m.•34 views

Ubuntu 5.04 : awstats vulnerability (USN-167-1)

Peter Vreugdenhil discovered a command injection vulnerability in AWStats. As part of the statistics reporting function, AWStats displays information about the most common referrer values that caused users to visit the website. Referer URLs could be crafted in a way that they contained arbitrary...

5CVSS5.9AI score0.0133EPSS

Exploits0References1

Debian•added 2005/11/10 6:10 a.m.•25 views

[SECURITY] [DSA 892-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 892-1 [email protected] http://www.debian.org/security/ Martin Schulze November 10th, 2005 http://www.debian.org/security/faq -...

5CVSS1.3AI score0.0133EPSS

OSV•added 2005/11/10 12:0 a.m.•17 views

DSA-892-1 awstats - missing input sanitising

Bulletin has no description...

5CVSS6.3AI score0.0133EPSS

OpenVAS•added 2005/11/03 12:0 a.m.•14 views

AWStats configdir parameter arbitrary cmd exec

The remote host is running AWStats, a free real-time logfile analyzer. The remote version of this software is prone to an input validation vulnerability. The issue is reported to exist because user supplied OpenVAS Vulnerability Test $Id: awstatsconfigdir.nasl 6056 2017-05-02 09:02:50Z teissa $...

0.3AI score