FreeBSD : awstats -- arbitrary code execution vulnerability (e86fbb5f-0d04-11da-bc08-0001020eed82)
An iDEFENSE Security Advisory reports: Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. The problem specifically exists because of insufficient input filtering before passing user-supplied data to an eval function. As part...
AWStats < 6.4 (referer) Remote Command Execution Exploit
Exploit for cgi platform in category web applications ======================================================== AWStats new or die; $req = HTTP::Request-newGET = $path; $req-refererqqhttp://'.system$FilterEx'refererpages'.'; $res = $aw-request$req; $aw = LWP::UserAgent-new or die; $res =...
GLSA-200508-07 : AWStats: Arbitrary code execution using malicious Referrer information
The remote host is affected by the vulnerability described in GLSA-200508-07 (AWStats: Arbitrary code execution using malicious Referrer information). When using a URLPlugin, AWStats fails to sanitize Referrer URL data before using them in a Perl eval routine. Impact: A remote attacker can include...
CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call...
PT-2005-2520 · Awstats · Awstats
Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 and earlier. Description: The issue allows remote attackers to execute arbitrary Perl code via the HTTP Referrer when a URLPlugin is enabled. This is achieved by inserting the $url parameter into an eval function call,...
AWStats Referrer Header Arbitrary Command Execution
The remote host is running AWStats, an open source web analytics tool used for analyzing data from internet services such as web, streaming, media, mail and FTP servers. The version of AWStats installed on the remote host collects data about the web referrers and uses them without proper sanitati...
[Full-disclosure] iDEFENSE Security Advisory 08.09.05: AWStats ShowInfoURL Remote Command Execution Vulnerability
AWStats ShowInfoURL Remote Command Execution Vulnerability. iDEFENSE Security Advisory 08.09.05. www.idefense.com/application/poi/display?id=290&type=vulnerabilities. August 09, 2005. I. BACKGROUND: AWStats is a free tool that generates web, streaming, ftp or mail server statistics, graphically. It ca...