
6 matches found

Nmap
added 2011/08/23 6:29 a.m. | 254 views

http-awstatstotals-exec NSE Script

Exploits a remote code execution vulnerability in Awstats Totals 1.0 up to 1.14 and possibly other products based on it (CVE: 2008-3922). This vulnerability can be exploited through the GET variable sort. The script queries the web server with the command payload encoded using PHP's chr function:...

10 CVSS | 9.6 AI score | 0.99448 EPSS
Exploits: 38
Packet Storm
added 2011/05/26 12:0 a.m. | 30 views

AWStats Totals 1.14 Remote Command Execution

$Id: awstatstotalsmultisort.rb 12715 2011-05-25 10:45:36Z patrickw $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...

9.3 CVSS | 0.2 AI score | 0.53202 EPSS
Exploits: 5
Metasploit
added 2011/05/25 10:42 a.m. | 25 views

AWStats Totals multisort Remote Command Execution

This module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals version v1.0 - v1.14 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...

9.3 CVSS | 0.3 AI score | 0.53202 EPSS
Exploits: 5
Circl
added 2008/09/05 12:0 a.m. | 11 views

CVE-2008-3922

creationtimestamp | type | source
---|---|---
2008-09-05 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/6368
2011-05-25 00:00:00+00:00 | confirmed | https://www.exploit-db.com/exploits/17324
2018-05-29 15:50:33+00:00 | seen | ...

9.3 CVSS | 7.3 AI score | 0.53202 EPSS
Exploits: 5 | References: 3
CVE
added 2008/09/04 6:0 p.m. | 69 views

CVE-2008-3922

CVE-2008-3922 affects AWStats Totals (awstatstotals.php) versions 1.0–1.14. The vulnerability stems from unsanitized sort parameter usage in multisort(), enabling remote code execution by crafting PHP sequences to create an anonymous PHP function. Public references and tooling include Exploit-DB ...

9.3 CVSS | 9.8 AI score | 0.53202 EPSS
Exploits: 5 | References: 11 | Affected Software: 1
Tenable Nessus
added 2008/08/27 12:0 a.m. | 35378 views

AWStats Totals awstatstotals.php multisort() Function sort Parameter Arbitrary PHP Code Execution

The remote web server is running a version of awstatstotals.php which does not properly sanitize its 'sort' argument. An attacker can run arbitrary commands on the remote host within the context of the web server. (C) Tenable Network Security, Inc...

9.3 CVSS | 8.5 AI score | 0.53202 EPSS
Exploits: 5 | References: 3