Lucene search
UbuntuUSN-360-1HistoryOct 10, 2006 - 12:00 a.m.
awstats vulnerabilities
2006-10-1000:00:00
ubuntu.com
25
Releases
- Ubuntu 6.06
- Ubuntu 5.10
- Ubuntu 5.04
Details
awstats did not fully sanitize input, which was passed directly to the user’s
browser, allowing for an XSS attack. If a user was tricked into following a
specially crafted awstats URL, the user’s authentication information could be
exposed for the domain where awstats was hosted. (CVE-2006-3681)
awstats could display its installation path under certain conditions.
However, this might only become a concern if awstats is installed into
an user’s home directory. (CVE-2006-3682)
Related
openvas
openvas
Ubuntu: Security Advisory (USN-360-1)
2022-08-26 00:00:00
AWStats 'awstats.pl' Multiple Path Disclosure Vulnerability
2009-03-22 00:00:00
FreeBSD Ports: awstats
2009-01-07 00:00:00
nessus
nessus
Ubuntu 5.04 / 5.10 / 6.06 LTS : awstats vulnerabilities (USN-360-1)
2007-11-10 00:00:00
cvelist
cvelist
cve
cve
debiancve
debiancve
ubuntucve
ubuntucve
osv
osv
CVE-2018-10245
2018-04-20 17:29:00
prion
prion
Path traversal
2018-04-20 17:29:00
Cross site scripting
2008-08-19 19:41:00