SUSE CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

VulnCheck KEV: CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

AWStats configdir Parameter Remote Command Execution (CVE-2005-0116; CVE-2005-0362)

A command execution vulnerability has been reported in AWStats. The vulnerability is due to failing of AWStats CGI script to properly sanitize user provided parameters. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the target system...

CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...

DEBIAN-CVE-2010-4367

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a 1 WebDAV server or 2 NFS server...

openSUSE 10 Security Update : awstats (awstats-1612)

This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. 173041 -...

CVE-2006-5251

PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a allows remote attackers to execute arbitrary PHP code via a URL in the ConfigDir parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...

Default configuration

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

DEBIAN-CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

AWStats configdir parameter command execution

Added: 02/14/2006 CVE: CVE-2005-0116 BID: 12298 OSVDB: 13002 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem Insufficient validation of the configdir parameter before being used in a PERL open call leads to remote command execution. Resolution...

AWStats configdir parameter command execution

Added: 02/14/2006 CVE: CVE-2005-0116 BID: 12298 OSVDB: 13002 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem Insufficient validation of the configdir parameter before being used in a PERL open call leads to remote command execution. Resolution...

AWStats configdir parameter arbitrary cmd exec

The remote host is running AWStats, a free real-time logfile analyzer. The remote version of this software is prone to an input validation vulnerability. The issue is reported to exist because user supplied OpenVAS Vulnerability Test $Id: awstatsconfigdir.nasl 6056 2017-05-02 09:02:50Z teissa $...

AWStats configdir Remote Command Execution Exploit (c code)

No description provided by source. / AwStats exploit by Thunder, [email protected] This exploit makes use of the remote command execution bug discovered in AwStats ver 6.2 and below. The bug resides in the awstats.pl perl script. The script does not sanitise correctly the user input for the...

AWStats 6.0 < 6.2 - 'configdir' Remote Command Execution

!/usr/bin/perl ---GHC--------------------------------- Remote command execution exploit Product: Advanced Web Statistics 6.0 - 6.2 URL:http://awstats.sourceforge.net Greets & respects to our friends: 1dt.w0lf and all rst.void.ru Special greets 2 d0G4 & cr0n for link on bugtraq...

CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...

DEBIAN-CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl...