
78 matches found

Veracode
added 2023/07/20 11:1 a.m. · 21 views

SQL Injection

postgraasserver is vulnerable to SQL Injection attacks. A specifically crafted attack statement through the config parameter of the createpgconnection and createpostgresdb functions allows a malicious user to inject and execute arbitrary SQL queries on the target system...

CVSS 9.8 · AI score 8.2 · EPSS 0.00598
Exploits 0 · References 4 · Affected software 1
SUSE CVE
added 2023/02/15 6:19 a.m. · 5 views

SUSE CVE-2005-0363

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter...

CVSS 7.5 · AI score 7.8 · EPSS 0.01954
Exploits 0 · References 3
SUSE CVE
added 2023/02/15 6:15 a.m. · 3 views

SUSE CVE-2006-1945

Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732...

CVSS 2.6 · AI score 6 · EPSS 0.04827
Exploits 0 · References 4
SUSE CVE
added 2023/02/15 4:34 a.m. · 4 views

SUSE CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

CVSS 9.8 · AI score 8 · EPSS 0.04352
Exploits 0 · References 4
ATTACKERKB
added 2022/05/30 9:15 a.m. · 4 views

CVE-2022-1009

The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin ...

CVSS 6.1 · AI score 6.2 · EPSS 0.00757
Exploits 2 · References 2
RedhatCVE
added 2022/05/20 11:27 p.m. · 33 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS 9.8 · AI score 2.2 · EPSS 0.04352
Exploits 1 · References 1
Prion
added 2021/06/02 8:15 p.m. · 37 views

Integer overflow

Redis is an open source, BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer could be exploited using the STRALGO LCS command to corrupt the heap and potentially result in remote code execution. This ...

CVSS 6.5 · AI score 8.9 · EPSS 0.04207
Exploits 0 · References 5 · Affected software 2
Virtuozzo
added 2020/12/25 12:0 a.m. · 68 views

Product update: Virtuozzo PowerPanel Update 1 (7.0.4-30)

The update for Virtuozzo PowerPanel introduces new features as well as stability and usability fixes. Vulnerability id: PP-578 The 'vzapi' command to reset the backup limit to 0 could fail. Vulnerability id: PP-580 A wrong config parameter was documented for instance default backup limit...

AI score 2.6
Exploits 0
OSV
added 2020/12/12 12:15 a.m. · 2 views

ALPINE-CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS 5.3 · AI score 6.6 · EPSS 0.01834
Exploits 0 · References 1
Prion
added 2020/12/12 12:15 a.m. · 31 views

Format string

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS 5 · AI score 6.9 · EPSS 0.04352
Exploits 1 · References 4 · Affected software 3
Debian CVE
added 2020/12/11 11:16 p.m. · 26 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

CVSS 5.3 · AI score 7.1 · EPSS 0.01834
Exploits 0
OSV
added 2020/12/07 8:15 p.m. · 3 views

ALPINE-CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 9.8 · AI score 6.8 · EPSS 0.02909
Exploits 1 · References 1
OSV
added 2020/12/07 8:15 p.m. · 1 view

DEBIAN-CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 9.8 · AI score 7.1 · EPSS 0.02909
Exploits 1 · References 1
OSV
added 2020/12/07 8:15 p.m. · 3 views

UBUNTU-CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 9.8 · AI score 6.8 · EPSS 0.02909
Exploits 1 · References 3
Debian CVE
added 2020/12/07 7:52 p.m. · 32 views

CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

CVSS 9.8 · AI score 7.1 · EPSS 0.02909
Exploits 1
Positive Technologies
added 2020/12/07 12:0 a.m. · 4 views

PT-2020-17212 · Awstats +3

Name of the Vulnerable Software and Affected Versions: AWStats versions prior to 7.8. Description: The issue allows an absolute pathname to be accepted by the cgi-bin/awstats.pl endpoint, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. This is due to an...

CVSS 9.8 · AI score 9.5 · EPSS 0.04352
Exploits 1 · References 40
OSV
added 2019/08/01 2:15 p.m. · 4 views

DEBIAN-CVE-2019-0193

In Apache Solr, the DataImportHandler, an optional but popular module to pull in data from databases and other sources, has a feature in which the whole DIH configuration can come from a request's "dataConfig" parameter. The debug mode of the DIH admin screen uses this to allow convenient debuggi...

CVSS 7.2 · AI score 6.9 · EPSS 0.83547
Exploits 3 · References 1
Prion
added 2018/02/27 9:29 p.m. · 11 views

Design/Logic Flaw

lyadmin 1.x has XSS via the configWEBSITETITLE parameter to the /admin.php?s=/admin/config/groupsave.html URI...

CVSS 3.5 · AI score 4.8 · EPSS 0.00529
Exploits 1 · References 1 · Affected software 1
NVD
added 2018/02/27 9:29 p.m. · 9 views

CVE-2018-7547

lyadmin 1.x has XSS via the configWEBSITETITLE parameter to the /admin.php?s=/admin/config/groupsave.html URI...

CVSS 4.8 · AI score 5 · EPSS 0.00529
Exploits 1 · References 1
Cvelist
added 2018/02/27 9:0 p.m. · 15 views

CVE-2018-7547

lyadmin 1.x has XSS via the configWEBSITETITLE parameter to the /admin.php?s=/admin/config/groupsave.html URI...

AI score 5 · EPSS 0.00529
Exploits 1 · References 1