659 matches found
[SECURITY] [DSA 682-1] New awstats packages fix arbitrary command execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 682-1 [email protected] http://www.debian.org/security/ Martin Schulze February 15th, 2005 http://www.debian.org/security/faq -...
CVE-2005-0438
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter...
CVE-2005-0436
AWStats is affected by CVE-2005-0436 in versions 6.3 and 6.4 due to a direct code injection via the PluginMode parameter in awstats.pl. The vulnerability enables remote attackers to cause arbitrary Perl code execution, with impact as described in the sources (permissions of the web service). Open...
CVE-2005-0436
Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter...
CVE-2005-0437
Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. dot dot sequences in the loadplugin parameter...
CVE-2005-0437
AWStats has a directory traversal vulnerability (CVE-2005-0437) in awstats.pl affecting versions 6.3 and 6.4. Remote attackers can include arbitrary Perl modules via .. sequences in the loadplugin parameter, enabling potential code execution via CGI handling weaknesses. The NVD entry lists a CVSS...
CVE-2005-0438
CVE-2005-0438 affects AWStats awstats.pl (versions 6.3 and 6.4); improper handling of the debug parameter allows remote disclosure of sensitive information. Connected sources (NVD, Debian/OpenVAS/Nessus advisories) confirm a vulnerability with updates/missing input sanitization themes, but explic...
CVE-2005-0435
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog...
CVE-2005-0435
CVE-2005-0435 affects AWStats (awstats.pl) versions 6.3 and 6.4, where remote attackers can read server web logs by manipulating CGI parameters loadplugin and pluginmode to rawlog. The underlying issue is improper handling of these parameters in the AWStats plugin, enabling information disclosure...
AWStats <= 6.4 Multiple vulnerabilities
/==========================================/ // GHC - AWStats - ADVISORY PRODUCT: AWStats // VERSION: = 6.3 URL: http://awstats.sourceforge.net/ // VULNERABILITY CLASS: Multiple vulnerabilities RISK: high /==========================================/ Product Description "AWStats is a free powerful...
DSA-682-1 awstats - missing input sanitising
Bulletin has no description...
AWStats 5.x6.x - Debug Remote Information Disclosure
AWStats 5.x6.x - Debug Remote Information Disclosure source: https://www.securityfocus.com/bid/12545/info A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may...
AWStats Multiple Remote Vulnerabilities (Cmd Exec, Traversal, ID)
The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software is prone to a command execution flaw as well as an information disclosure vulnerability. An attacker may exploit this feature to obtain more information...
AwStats <= 6.4 Denial Of Service (with Advisory)
Exploit for cgi platform in category web applications ================================================ AwStats new Proto = "tcp", PeerAddr = "$server", PeerPort = "80" || die "Error\n"; print $socket "GET /cgi-bin/awstats-6.4/awstats.pl?&hack=$rp&PluginMode=:sleep HT...
AWStats < 6.5 Perl Content-Parsing Code Execution
Binary data 2613.prm...