5 matches found
CVE-2010-4368
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname...
CVE-2010-4368
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname...
CVE-2010-4368
AWStats vulnerability CVE-2010-4368 affects awstats.cgi prior to version 7.0 on Windows. The issue arises from accepting a configdir parameter in the URL, allowing a remote attacker to trigger arbitrary commands by pointing to a crafted configuration file on an SMB/UNC share. The base CVSSv2 scor...
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
Awstats is prone to an arbitrary command-execution vulnerability. This issue is due to a failure in the application to properly sanitize user- supplied input. An attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help...
AWStats fails to properly handle "\\" when specifying a configuration file directory
Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...