25 matches found
SUSE CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
SUSE CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
VulnCheck KEV: CVE-2005-0116
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...
AWStats configdir Parameter Remote Command Execution (CVE-2005-0116; CVE-2005-0362)
A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...
Mandriva Update for awstats MDVSA-2011:033 (awstats)
Check for the Version of awstats OpenVAS Vulnerability Test Mandriva Update for awstats MDVSA-2011:033 awstats Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...
DEBIAN-CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...
CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...
CVE-2010-4368
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname...
CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...
openSUSE 10 Security Update : awstats (awstats-1612)
This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. 173041 -...
CVE-2006-5251
PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
Default configuration
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
DEBIAN-CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
AWStats configdir parameter command execution
Added: 02/14/2006 CVE: CVE-2005-0116 BID: 12298 OSVDB: 13002 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem Insufficient validation of the configdir parameter before being used in a PERL open call leads to remote command execution. Resolution...
AWStats configdir parameter command execution
Added: 02/14/2006 CVE: CVE-2005-0116 BID: 12298 OSVDB: 13002 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem Insufficient validation of the configdir parameter before being used in a PERL open call leads to remote command execution. Resolution...
AWStats configdir parameter arbitrary cmd exec
The remote host is running AWStats, a free real-time logfile analyzer. The remote version of this software is prone to an input validation vulnerability. The issue is reported to exist because user supplied OpenVAS Vulnerability Test $Id: awstatsconfigdir.nasl 6056 2017-05-02 09:02:50Z teissa $...