AWStats 5.x/6.x - Debug Remote Information Disclosure

source: https://www.securityfocus.com/bid/12545/info A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to gain access to potentially sensiti...

AWStats 6.4 - Denial of Service

AWStats 6.4 - Denial of Service !/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

AWStats 6.4 - Denial of Service

!/usr/bin/perl Summarized the advisory www.ghc.ru GHC: /str0ke 0 Exploitable example raw log plugin: Attacker can read sensitive information http://server/cgi-bin/awstats-6.4/awstats.pl?pluginmode=rawlog&loadplugin=rawlog 1 Perl code execution. This script...

GLSA-200501-36 : AWStats: Remote code execution

The remote host is affected by the vulnerability described in GLSA-200501-36 AWStats: Remote code execution When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin...

AWStats fails to properly filter user-supplied input

Overview A lack of input validation in AWStats may allow a remote attacker to execute arbitrary commands. Description AWStats is a Perl CGI script that collects and graphically displays statistics from web, FTP, and mail servers. The configdir parameter, within the awstats.pl Perl script, is...

CVE-2005-0362

awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...

DEBIAN-CVE-2005-0362

awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...

CVE-2005-0362

awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...

CVE-2005-0362

awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the 1 "pluginmode", 2 "loadplugin", or 3 "noloadplugin" parameters...

AWStats: Remote code execution

Background AWStats is an advanced log file analyzer and statistics generator. Description When 'awstats.pl' is run as a CGI script, it fails to validate specific inputs which are used in a Perl open function call. Furthermore, a user could read log file content even when plugin rawlog was not...

AWStats configdir Remote Command Execution Exploit (c code)

Exploit for cgi platform in category web applications =========================================================== AWStats configdir Remote Command Execution Exploit c code =========================================================== / AwStats exploit by Thunder, email protected This exploit makes...

AWStats 6.0 6.2 - configdir Remote Command Execution (C)

AWStats 6.0 6.2 - configdir Remote Command Execution C / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the us...

AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution

/ AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the user input for the configdir parameter. If the users send...

AWStats configdir Remote Command Execution Exploit (c code)

No description provided by source. / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the user input for the...

AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution

!/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for link on bugtraq...

AWStats configdir Remote Command Execution Exploit (perl code)

Exploit for cgi platform in category web applications ============================================================== AWStats configdir Remote Command Execution Exploit perl code ============================================================== !/usr/bin/perl ---GHC---------------------------------...

CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

CVE-2005-0116

CVE-2005-0116 affects AWStats: remote command execution through the configdir parameter in the AWStats CGI (awstats.pl) affecting 6.1 and earlier versions up to 6.2/6.2.x, with public reports of exploitation. The root cause is unsanitized input passed to a shell/open call, allowing arbitrary comm...

CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...