4 matches found
openSUSE 10 Security Update : awstats (awstats-1612)
This update fixes remote code execution vulnerabilities in awstats. Since backporting awstats fixes is error prone we have upgraded it to upstream version 6.6, which also includes new features. Security issues fixed: - CVE-2006-2237: missing sanitizing of the 'migrate' parameter. 173041 -...
SUSE-SA:2006:033: awstats
The remote host is missing the patch for the advisory SUSE-SA:2006:033 awstats. This update fixes remote code execution vulnerabilities in the WWW statistical analyzer awstats. Since back porting awstats fixes is error prone we have upgraded it to upstream version 6.6 which also includes new...
CVE-2006-2644
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...
CVE-2006-2644
AWStats CVE-2006-2644 affects AWStats 6.5 (and possibly other versions) via the configdir parameter in awstats.pl. The root cause is lack of sanitization for the configdir parameter, allowing a remote authenticated user to upload a configuration file with shell metacharacters and then access it t...