9 matches found
EUVD-2020-22864
Malware in sbrugna...
CVE-2020-29600
In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501...
Mageia: Security Advisory (MGASA-2021-0024)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4953-1 awstats vulnerabilities
Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. CVE-2020-29600 It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access...
Updated awstats package fixes a security vulnerability
It was discovered that Awstats was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution. The previous fix did not fully address the issue when the default /etc/awstats/awstats.conf is not present CVE-2020-29600...
Arbitrary File Read
AWStats is vulnerable to arbitrary file read. cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-100050...
Format string
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2020-35176
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname omitting the initial /etc, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600...
CVE-2020-29600
In AWStats up to version 7.8, the CGI script cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc) instead of only reading /etc/awstats/awstats.conf, enabling path traversal. This issue is noted as arising from an incomplete fix for CVE-2017-1000501 and CVE-20...