AWStats < 6.3 'configdir' Parameter Arbitrary Command Execution Vulnerability - Active Check
AWStats is prone to a command execution vulnerability. SPDX-FileCopyrightText: 2005 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:awstats:awstats";...
AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability (Aug 2004) - Active Check
AWStats Rawlog Plugin is prone to an input validation vulnerability. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2005-2732
AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message...
CVE-2005-2732
AWStats is the affected software in related entries. Connected documents describe an XSS issue in awstats.pl affecting AWStats 6.5 and earlier, exploitable via the config parameter, and note it may be the same core issue as CVE-2005-2732. No explicit versioned remediation or fixes are provided in...
AWstats Path Disclosure Vulnerability
Good morning all. "AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages." Once y...
GLSA-200508-07 : AWStats: Arbitrary code execution using malicious Referrer information
The remote host is affected by the vulnerability described in GLSA-200508-07 AWStats: Arbitrary code execution using malicious Referrer information When using a URLPlugin, AWStats fails to sanitize Referrer URL data before using them in a Perl eval routine. Impact : A remote attacker can include...
AWStats: Arbitrary code execution using malicious Referrer information
Background AWStats is an advanced log file analyzer and statistics generator. In HTTP reports it parses Referrer information in order to display the most common Referrer values that caused users to visit the website. Description When using a URLPlugin, AWStats fails to sanitize Referrer URL data...
CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
CVE-2005-1527
AWStats 6.4 and earlier are affected by an eval() injection when a URLPlugin is enabled, allowing remote attackers to execute arbitrary Perl code via tainted HTTP Referrer data passed into an eval call. The issue is triggered by user-supplied data being evaluated, enabling remote code execution with...
DEBIAN-CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
PT-2005-2520 · Awstats · Awstats
Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 and earlier Description: The issue allows remote attackers to execute arbitrary Perl code via the HTTP Referrer when a URLPlugin is enabled. This is achieved by inserting the $url parameter into an eval function call,...
USN-167-1: AWStats vulnerability
Peter Vreugdenhil discovered a command injection vulnerability in AWStats. As part of the statistics reporting function, AWStats displays information about the most common referrer values that caused users to visit the website. Referer URLs could be crafted in a way that they contained arbitrary...
TYPO3 Security Bulletin
Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Successful exploitation results in the execution of arbitrary commands with permissions of the web service. This may compromise systems using extensions providing AWStats...
AWStats Referrer Header Arbitrary Command Execution
The remote host is running AWStats, an open source web analytics tool used for analyzing data from internet services such as web, streaming, media, mail and FTP servers. The version of AWStats installed on the remote host collects data about the web referrers and uses them without proper sanitati...
[Full-disclosure] iDEFENSE Security Advisory 08.09.05: AWStats ShowInfoURL Remote Command Execution Vulnerability
AWStats ShowInfoURL Remote Command Execution Vulnerability iDEFENSE Security Advisory 08.09.05 www.idefense.com/application/poi/display?id=290&type=vulnerabilities August 09, 2005 I. BACKGROUND AWStats is a free tool that generates web, streaming, ftp or mail server statistics, graphically. It ca...
FreeBSD : awstats -- remote command execution vulnerability (0f5a2b4d-694b-11d9-a9e7-0001020eed82)
An iDEFENSE Security Advisory reports : Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server. The problem specifically exists when the application is running as a CGI script on a web server. The...