Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-22864

Malware in sbrugna...

5.3CVSS7.2AI score0.01834EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2022/05/20 11:23 p.m.25 views

CVE-2020-29600

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...

9.8CVSS2AI score0.04352EPSS
Exploits1References1
OpenVAS
OpenVAS
added 2022/01/28 12:0 a.m.19 views

Mageia: Security Advisory (MGASA-2021-0024)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS7.4AI score0.02909EPSS
Exploits1References5
OSV
OSV
added 2021/05/13 5:12 p.m.5 views

USN-4953-1 awstats vulnerabilities

Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-29600 It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access...

9.8CVSS7.1AI score0.04352EPSS
Exploits1References4
Mageia
Mageia
added 2021/01/14 3:13 p.m.55 views

Updated awstats package fixes a security vulnerability

It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present CVE-2020-29600...

9.8CVSS5AI score0.02909EPSS
Exploits1References3
Veracode
Veracode
added 2020/12/23 9:54 p.m.29 views

Arbitrary File Read

AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100050...

9.8CVSS2.7AI score0.04352EPSS
Exploits1References7Affected Software1
Prion
Prion
added 2020/12/12 12:15 a.m.32 views

Format string

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5CVSS6.9AI score0.04352EPSS
Exploits1References4Affected Software3
AlpineLinux
AlpineLinux
added 2020/12/11 11:16 p.m.26 views

CVE-2020-35176

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...

5.3CVSS7.3AI score0.01834EPSS
Exploits0
CVE
CVE
added 2020/12/07 7:52 p.m.122 views

CVE-2020-29600

In AWStats up to version 7.8, the CGI script cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc) instead of only reading /etc/awstats/awstats.conf, enabling path traversal. This issue is noted as arising from an incomplete fix for CVE-2017-1000501 and CVE-20...

9.8CVSS7AI score0.02909EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder