Lucene search
K

13 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

AWStats (6.4-6.5) migrate Remote Command Execution

No description provided by source. $Id: awstatsmigrateexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...

6.7AI score
Exploits0
Exploit DB
Exploit DB
added 2010/07/03 12:0 a.m.97 views

AWStats 6.4 < 6.5 - migrate Remote Command Execution (Metasploit)

$Id: awstatsmigrateexec.rb 9671 2010-07-03 06:21:31Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

5.1CVSS6.6AI score0.58356EPSS
Exploits10
Circl
Circl
added 2010/07/03 12:0 a.m.12 views

CVE-2006-2237

creationtimestamp| type| source ---|---|--- 2010-07-03 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16886 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/unix/webapp/awstatsmigrateexec.rb 2025-02-06 03:13:38+00:00| see...

5.1CVSS5.7AI score0.58356EPSS
Exploits10References2
Metasploit
Metasploit
added 2009/01/15 7:9 a.m.29 views

AWStats migrate Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration fil...

5.1CVSS10AI score0.58356EPSS
Exploits10
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.24 views

Gentoo Security Advisory GLSA 200606-06 (awstats)

The remote host is missing updates announced in advisory GLSA 200606-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

5.1CVSS0.6AI score0.58356EPSS
Exploits10
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.25 views

Debian Security Advisory DSA 1058-1 (awstats)

The remote host is missing an update to awstats announced via advisory DSA 1058-1. Hendrik Weimer discovered that specially crafted web requests can cause awstats, a powerful and featureful web server log analyzer, to execute arbitrary commands. The old stable distribution woody is not affected b...

5.1CVSS0.3AI score0.58356EPSS
Exploits10
Tenable Nessus
Tenable Nessus
added 2007/10/17 12:0 a.m.50 views

openSUSE 10 Security Update : awstats (awstats-1612)

This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. 173041 -...

5.1CVSS6.3AI score0.58356EPSS
Exploits10References2
Tenable Nessus
Tenable Nessus
added 2007/02/18 12:0 a.m.25 views

SUSE-SA:2006:033: awstats

The remote host is missing the patch for the advisory SUSE-SA:2006:033 awstats. This update fixes remote code execution vulnerabilities in the WWW statistical analyzer awstats. Since back porting awstats fixes is error prone we have upgraded it to upstream version 6.6 which also includes new...

5.1CVSS6.3AI score0.58356EPSS
Exploits10
Debian
Debian
added 2006/05/18 4:28 p.m.33 views

[SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1058-1 [email protected] http://www.debian.org/security/ Martin Schulze May 18th, 2006 http://www.debian.org/security/faq -...

5.1CVSS6.3AI score0.58356EPSS
Exploits10
Saint
Saint
added 2006/05/11 12:0 a.m.34 views

AWStats migrate parameter command injection

Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...

5.1CVSS6.6AI score0.58356EPSS
Exploits10
Saint
Saint
added 2006/05/11 12:0 a.m.34 views

AWStats migrate parameter command injection

Added: 05/11/2006 CVE: CVE-2006-2237 BID: 17844 OSVDB: 25284 Background AWStats is a web application for showing web, FTP, and mail server statistics. Problem AWStats uses the value of the migrate input parameter in a PERL open call without sufficient checks for invalid characters, allowing remot...

5.1CVSS6.6AI score0.58356EPSS
Exploits10
CVE
CVE
added 2006/05/08 11:0 p.m.79 views

CVE-2006-2237

AWStats 6.4 and 6.5 are affected by CVE-2006-2237 due to missing sanitization of the migrate parameter, enabling remote code execution when statistics updates are enabled. Evidence from multiple advisories and exploit records shows an external attacker could run arbitrary commands via the migrate...

5.1CVSS7.4AI score0.58356EPSS
Exploits10References16Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/05/08 12:0 a.m.37 views

AWStats migrate Parameter Arbitrary Command Execution

The remote host is running AWStats, a free logfile analysis tool written in Perl. The version of AWStats installed on the remote host fails to sanitize input to the 'migrate' parameter before passing it to a Perl 'open' function. Provided 'AllowToUpdateStatsFromBrowser' is enabled in the AWStats...

5.1CVSS6.1AI score0.58356EPSS
Exploits10References3
Rows per page
Query Builder