2 matches found
AWStats fails to properly handle "\\" when specifying a configuration file directory
Overview AWStats fails to properly handle "\" when specifying a configuration file directory. This could allow an attacker to specify an arbitrary configuration file located on an SMB share. Description From the AWStats project website: "AWStats is a free powerful and featureful tool that...
CVE-2006-3281
CVE-2006-3281 : A remote code execution flaw in Windows Explorer/Internet Explorer 6 related to handling of Drag & Drop with CLSID extensions (Folder GUID Code Execution). Root cause: improper handling of directories/CLSID extensions can lead to arbitrary code execution when a user visits a craft...