FreeBSD : awstats -- arbitrary command execution (fdad8a87-7f94-11d9-a9e7-0001020eed82)

Several input validation errors exist in AWStats that allow a remote unauthenticated attacker to execute arbitrary commands with the priviliges of the web server. These programming errors involve CGI parameters including loadplugin, logfile, pluginmode, update, and possibly others. Additionally,...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0435

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0435

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...

CVE-2005-0435

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...

DEBIAN-CVE-2005-0363

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...

CVE-2005-0363

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...

CVE-2005-0438

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter...

DEBIAN-CVE-2005-0435

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...

CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...

CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...

CVE-2005-0363

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...

CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...

CVE-2005-0438

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter...

CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

CVE-2005-0438

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter...

DEBIAN-CVE-2005-0437

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...

DEBIAN-CVE-2005-0436

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...

CVE-2005-0363

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...