Remote pluginmode command execution exploit for AWStats versions 5.7 through 6.2.
a82a72fd891c5a191c588719e00bd1107ef2daed56cb475e9bf979f5be6ae538
Ubuntu Security Notice 5899-1 - It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting attacks.
5d72108cc6e645496aa7b0bcd879313446b5beafd830d95fdebed2c98d5399fb
Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information.
ac6176eda2562f663a4ae131506b3fc6577b2799f55437b5b195d6e4a3f3109c
Gentoo Linux Security Advisory 202007-37 - Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code. Versions less than 7.8 are affected.
4ba8a1f5ca2f7088cc5440b4fb3b7726b115cb01d3dbb8b2827a19704d392380
Debian Linux Security Advisory 4092-1 - The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.
21b1e8874bd40dacd6975e7c409565168ce6defd04966870c6d4d3b699fc47e1
Ubuntu Security Notice 3518-1 - It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.
faea2e34aef798c0b0b890705edd1cd3dc2fa2fa8b2fee9cb6ecfd54144b67c8
Mandriva Linux Security Advisory 2013-061 - Multiple XSS vulnerabilities were found and corrected in awstats. The updated packages have been patched to correct this issue.
a346e0b00f117b2ca871773b90f0bd8013d4742c3ead3ff816eb9a99c984219b
Secunia Security Advisory - A vulnerability has been reported in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.
4f2863a3f14d2816026caf3ebbb1ce0452b31baf0fe07121385669da9ed3de4e
Secunia Security Advisory - MustLive has discovered two vulnerabilities in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.
0cd7ab8ce6bbe825d65dbf994d9382ac1ae47cfa2a2821c4c8b40cec27083a15
Secunia Security Advisory - Fedora has issued an update for awstats. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.
107657305e39f19b9876be06455f1050533e854529c845f0282de55b44afd0f8
AWStats versions 6.0 and 7.0 suffer from CRLF injection, cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.
59557071b1987b2fde0f1594bff019d2392bfda8e3b64f00a2219e1a52209747
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals versions v1.0 through v1.14 are vulnerable.
5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5
Mandriva Linux Security Advisory 2011-033 - awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a WebDAV server or NFS server. Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. The updated packages have been upgraded to the latest version to address these vulnerabilities.
9e4e32cce97beecc5b78553696c4f168221c75fb1d97782e6b9b984727fb3ed4
Secunia Security Advisory - Ubuntu has issued an update for awstats. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.
0b382406378663ef41be606269519cca05dac241bbfdc14dca2442d7491bff97
AWStats version 6.95 suffers from a remote command execution vulnerability.
a2869834bf47871db34b4ecc16fe7fd28c4063155471c8451871a08faa9c8ba7
Ubuntu Security Notice 1047-1 - It was discovered that AWStats did not correctly filter the LoadPlugin configuration option. A local attacker on a shared system could use this to inject arbitrary code into AWStats.
b9951f473de622dbf38e911df981e0bcf5401099fb393900dcbd09ae4fccdecd
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl-based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration file (non-default).
eacfafaff42c9aa135b638a8e9838be33a68a7ed46514068c7b106f69fe2ac10
This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.
c7fdffbbd0281a931ef1b75a62465cf757ccbfbbe17fe89aeaf55cb24d294f22
Mandriva Linux Security Advisory 2009-266 - awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting attacks. This issue exists because of an incomplete fix for CVE-2008-3714. This update fixes this vulnerability.
d513d6585d954aa8f9ad1097ae4518509989e56a48d4b0ae1b39238d22ee7c07
Secunia Security Advisory - Ubuntu has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
2b812b1a86bcde41ad366fb618c625a237e80afa0cd470c88ac3b8a957ac74fb
Ubuntu Security Notice USN-686-1 - Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain where AWStats was hosted.
2eb76b150664bfb767c7b805ada7a25811f0ba6b60b9c581439cfecc83bbea92
Debian Security Advisory 1679-1 - Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714).
746179c9c18c61fe79754a380d3b3eb43f0d63f94f67ea297c8be3e0f8e75212
Secunia Security Advisory - Debian has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
7bcd230a1a911842bb3bc2d3b6623191baac1b9d9643499affb0e8c0663daaba
Mandriva Linux Security Advisory - A cross-site scripting (XSS) vulnerability was found in AWStats that allowed remote attackers to inject arbitrary web script or HTML via the query_string. The updated packages have been patched to prevent this issue.
f47b860ec3aa9c8ae3503e21cc32276294cbde918371b56a47fb1c54aeb23d3c
Secunia Security Advisory - Fedora has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.
174638714c1c8e8d93199bc4209a2b98ea413487b8b0a304a6253f15e34f8271
Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14. Version 2 of this exploit. It now works with magic quotes on or off.
3b52ceea44ad2a0fec9d4072836d6515accffb82e2d47a1bc2e4dfad4eabc746