Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-21961

Malware in sbrugna...

9.8CVSS7.2AI score0.02909EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-22864

Malware in sbrugna...

5.3CVSS7.2AI score0.01834EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.11 views

Mageia: Security Advisory (MGASA-2018-0045)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.5AI score0.04352EPSS
Exploits0References4
NCSC
NCSC
added 2021/05/14 12:0 a.m.2 views

Vulnerabilities fixed in AWStats

Vulnerabilities have been fixed in AWStats. An unauthenticated malicious party could exploit the vulnerabilities to perform a path traversal attack that could gain access to arbitrary files. In doing so, the vulnerabilities can only exploited only to read key/value pairs that can be parsed by...

9.8CVSS7.1AI score0.04352EPSS
Exploits1
Veracode
Veracode
added 2020/12/23 9:54 p.m.29 views

Arbitrary File Read

AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100050...

9.8CVSS2.7AI score0.04352EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2020/12/12 12:15 a.m.32 views

Format string

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5CVSS6.9AI score0.04352EPSS
Exploits1References4Affected Software3
AlpineLinux
AlpineLinux
added 2020/12/11 11:16 p.m.26 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5.3CVSS7.3AI score0.01834EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/01/22 12:0 a.m.34 views

Debian DSA-4092-1 : awstats - security update

The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

9.8CVSS7.7AI score0.04352EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2018/01/17 12:0 a.m.36 views

Fedora 26 : awstats (2018-17ba1a2393)

Security fix for CVE-2017-1000501 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

9.8CVSS7.2AI score0.04352EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2018/01/15 12:0 a.m.24 views

Fedora 27 : awstats (2018-7edfa0cfbf)

Security fix for CVE-2017-1000501 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL...

9.8CVSS7.2AI score0.04352EPSS
Exploits0References2
Debian
Debian
added 2018/01/10 5:59 a.m.27 views

[SECURITY] [DLA 1238-1] awstats security update

Package : awstats Version : 7.0dfsg-7+deb7u1 CVE ID : CVE-2017-1000501 Debian Bug : 885835 Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. For Debian 7 "Wheezy", the...

9.8CVSS8.1AI score0.04352EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2018/01/09 12:0 a.m.164 views

FreeBSD : awstats -- remote code execution (4055aee5-f4c6-11e7-95f2-005056925db4)

Mitre reports : Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the 'config' and 'migrate' parameters resulting in unauthenticated remote code execution. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracte...

9.8CVSS7.7AI score0.04352EPSS
Exploits0References3
CVE
CVE
added 2018/01/03 3:0 p.m.267 views

CVE-2017-1000501

AWStats is affected by a path-traversal vulnerability in cgi-bin/awstats.pl?config= (and related migrate/config handling) that can disclose or modify files due to improper handling of absolute/partial paths. The issue is described as affecting AWStats 7.7 and earlier, with an incomplete fix in CV...

9.8CVSS7.4AI score0.04352EPSS
Exploits0References6Affected Software1
AlpineLinux
AlpineLinux
added 2018/01/03 3:0 p.m.890 views

CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

9.8CVSS7.8AI score0.04352EPSS
Exploits0
Rows per page
Query Builder