AWStats Path Traversal Vulnerability

AWStats is an extremely popular web-based website traffic analyzer. A path traversal vulnerability exists in the handling of the 'config' and 'migrate' parameters in AWStats 7.6 and earlier versions. A remote attacker can exploit this vulnerability to execute code...

DEBIAN-CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

ALPINE-CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

UBUNTU-CVE-2017-1000501

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution...

Remote file inclusion

PHP remote file inclusion vulnerability in ajax/myajaxphp.php in AudioShare 2.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the config'basedir' parameter...

HotNews 0.x config[incdir] Parameter Remote File Inclusion

No description provided by source...

Directory traversal

Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. dot dot in the 1 language parameter to learn/cubemail/install.php or 2 f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. dot dot in the...

CVE-2011-5040

Multiple cross-site scripting XSS vulnerabilities in Infoproject Biznis Heroj allow remote attackers to inject arbitrary web script or HTML via the config parameter to 1 nalozinaslov.php and 2 widget.dokumentilista.php...

Cross site scripting

Cross-site scripting XSS vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter...

CVE-2011-5024

Cross-site scripting XSS vulnerability in mmsearch/design in the Mailman/htdig integration patch for Mailman allows remote attackers to inject arbitrary web script or HTML via the config parameter...

CVE-2010-4918

PHP remote file inclusion vulnerability in iJoomla Magazine commagazine component 3.0.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the config parameter to magazine.functions.php...

CVE-2009-3056

PHP remote file inclusion vulnerability in include/engine/content/elements/menu.php in KingCMS 0.6.0 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIGAdminPath parameter...

Directory traversal

Directory traversal vulnerability in templater.php in the ZZTemplater module in TinyCMS 1.1.2, when registerglobals is enabled and magicquotesgpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. dot dot in the configtemplate parameter...

CVE-2007-6471

Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on Windows allows remote attackers to conduct directory traversal attacks and include and execute arbitrary local files via a ..\ dot dot backslash in the config parameter...

CVE-2007-0793

PHP remote file inclusion vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter...

CVE-2006-4489

Multiple PHP remote file inclusion vulnerabilities in MiniBill 2006-07-14 1.2.2 allow remote attackers to execute arbitrary PHP code via 1 a URL in the configincludedir parameter in actions/ipn.php or 2 an FTP path in the configplugindir parameter in include/initPlugins.php...

Remote file inclusion

PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in 1 drucken.php, 2 drucken2.php, 3 emailanbenutzer.php, 4 rechnung.php, 5 suche/search.php and 6 adminbereich/admin.php...

CVE-2006-2726

PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d allows remote attackers to include arbitrary files via the configfsBase parameter in 1 drucken.php, 2 drucken2.php, 3 emailanbenutzer.php, 4 rechnung.php, 5 suche/search.php and 6 adminbereich/admin.php...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIGmainpath parameter in 1 functions.php, 2 template.php, 3 news.php, 4 help.php, 5 mail.php, 6 Admin/admincats.php, 8 Admin/adminedit.php, 9...

CVE-2006-2149

PHP remote file inclusion vulnerability in sources/lostpw.php in Aardvark Topsites PHP 4.2.2 and earlier, when registerglobals is enabled, allows remote attackers to execute arbitrary PHP code via the CONFIGpath parameter, as demonstrated by including a GIF that contains PHP code...