Lucene search
+L

7 matches found

susecve
susecve
added 2023/02/15 6:15 a.m.3 views

SUSE CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

4CVSS8AI score0.02712EPSS
Exploits0References4
nvd
nvd
added 2006/05/30 10:2 a.m.28 views

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

4CVSS7.3AI score0.02712EPSS
Exploits0References11
osv
osv
added 2006/05/30 10:2 a.m.2 views

DEBIAN-CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

4CVSS8AI score0.02712EPSS
Exploits0References1
prion
prion
added 2006/05/30 10:2 a.m.34 views

Default configuration

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

4CVSS7.6AI score0.02712EPSS
Exploits0References11Affected Software1
debiancve
debiancve
added 2006/05/30 10:0 a.m.61 views

CVE-2006-2644

AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive...

4CVSS7.3AI score0.02712EPSS
Exploits0
nessus
nessus
added 2006/05/13 12:0 a.m.14 views

FreeBSD : awstats -- arbitrary command execution vulnerability (2df297a2-dc74-11da-a22b-000c6ec775d9)

OS Reviews reports : If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character '|' leads to an insecure call to Perl's open function an...

6.2AI score
Exploits0References3
freebsd
freebsd
added 2006/05/03 12:0 a.m.17 views

awstats -- arbitrary command execution vulnerability

OS Reviews reports: If the update of the stats via web front-end is allowed, a remote attacker can execute arbitrary code on the server using a specially crafted request involving the migrate parameter. Input starting with a pipe character "|" leads to an insecure call to Perl's open function and...

2.7AI score
Exploits0References3
Rows per page
Query Builder