Showing 1 - 25 of 57

Files

sileAWSxpl_v5.7-6.2.c
Posted Feb 26, 2005
Authored by Silentium | Site autistici.org

Remote pluginmode command execution exploit for AWStats versions 5.7 through 6.2.

tags | exploit, remote
SHA-256 | a82a72fd891c5a191c588719e00bd1107ef2daed56cb475e9bf979f5be6ae538

Related Files

Ubuntu Security Notice USN-5899-1
Posted Feb 28, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5899-1 - It was discovered that AWStats did not properly sanitize the content of whois responses in the hostinfo plugin. An attacker could possibly use this issue to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
advisories | CVE-2022-46391
SHA-256 | 5d72108cc6e645496aa7b0bcd879313446b5beafd830d95fdebed2c98d5399fb
Ubuntu Security Notice USN-4953-1
Posted May 14, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4953-1 - Sean Boran discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code. It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to access sensitive information.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000501, CVE-2020-29600, CVE-2020-35176
SHA-256 | ac6176eda2562f663a4ae131506b3fc6577b2799f55437b5b195d6e4a3f3109c
Gentoo Linux Security Advisory 202007-37
Posted Jul 27, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202007-37 - Multiple vulnerabilities have been found in AWStats, the worst of which could result in the arbitrary execution of code. Versions less than 7.8 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2017-1000501
SHA-256 | 4ba8a1f5ca2f7088cc5440b4fb3b7726b115cb01d3dbb8b2827a19704d392380
Debian Security Advisory 4092-1
Posted Jan 19, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4092-1 - The cPanel Security Team discovered that awstats, a log file analyzer, was vulnerable to path traversal attacks. A remote unauthenticated attacker could leverage that to perform arbitrary code execution.

tags | advisory, remote, arbitrary, code execution
systems | linux, debian
advisories | CVE-2017-1000501
SHA-256 | 21b1e8874bd40dacd6975e7c409565168ce6defd04966870c6d4d3b699fc47e1
Ubuntu Security Notice USN-3518-1
Posted Jan 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3518-1 - It was discovered that AWStats incorrectly filtered certain parameters. A remote attacker could possibly use this issue to execute arbitrary code.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2017-1000501
SHA-256 | faea2e34aef798c0b0b890705edd1cd3dc2fa2fa8b2fee9cb6ecfd54144b67c8
Mandriva Linux Security Advisory 2013-061
Posted Apr 8, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-061 - Multiple XSS vulnerabilities were found and corrected in awstats. The updated packages have been patched to correct this issue.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-4547
SHA-256 | a346e0b00f117b2ca871773b90f0bd8013d4742c3ead3ff816eb9a99c984219b
Secunia Security Advisory 50965
Posted Oct 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | 4f2863a3f14d2816026caf3ebbb1ce0452b31baf0fe07121385669da9ed3de4e
Secunia Security Advisory 46160
Posted Nov 5, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - MustLive has discovered two vulnerabilities in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
SHA-256 | 0cd7ab8ce6bbe825d65dbf994d9382ac1ae47cfa2a2821c4c8b40cec27083a15
Secunia Security Advisory 46478
Posted Oct 22, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for awstats. This fixes two vulnerabilities, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, vulnerability, xss
systems | linux, fedora
SHA-256 | 107657305e39f19b9876be06455f1050533e854529c845f0282de55b44afd0f8
AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection
Posted Sep 23, 2011
Authored by MustLive

AWStats versions 6.0 and 7.0 suffer from CRLF injection, cross site scripting, HTTP response splitting, and remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, xss, sql injection
SHA-256 | 59557071b1987b2fde0f1594bff019d2392bfda8e3b64f00a2219e1a52209747
AWStats Totals 1.14 Remote Command Execution
Posted May 26, 2011
Authored by Patrick Webster | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats Totals PHP script. AWStats Totals versions v1.0 - v1.14 are vulnerable.

tags | exploit, arbitrary, php
advisories | CVE-2008-3922, OSVDB-47807
SHA-256 | 5a5ef1d851e7541e28de7b53546932d0881adc18c9f19c4d8ea20156248a6ea5
Mandriva Linux Security Advisory 2011-033
Posted Feb 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-033 - awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a WebDAV server or NFS server. Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory. The updated packages have been upgraded to the latest version to address these vulnerabilities.

tags | advisory, remote, arbitrary, cgi, vulnerability
systems | linux, mandriva
advisories | CVE-2010-4367, CVE-2010-4369
SHA-256 | 9e4e32cce97beecc5b78553696c4f168221c75fb1d97782e6b9b984727fb3ed4
Secunia Security Advisory 43004
Posted Jan 27, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for awstats. This fixes a security issue, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
SHA-256 | 0b382406378663ef41be606269519cca05dac241bbfdc14dca2442d7491bff97
AWStats 6.95 Command Execution
Posted Dec 2, 2010
Authored by StenoPlasma | Site exploitdevelopment.com

AWStats version 6.95 suffers from a remote command execution vulnerability.

tags | exploit, remote
SHA-256 | a2869834bf47871db34b4ecc16fe7fd28c4063155471c8451871a08faa9c8ba7
Ubuntu Security Notice USN-1047-1
Posted Jan 24, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1047-1 - It was discovered that AWStats did not correctly filter the LoadPlugin configuration option. A local attacker on a shared system could use this to inject arbitrary code into AWStats.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2010-4369
SHA-256 | b9951f473de622dbf38e911df981e0bcf5401099fb393900dcbd09ae4fccdecd
AWStats migrate Remote Command Execution
Posted Oct 30, 2009
Authored by patrick | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. AWStats v6.4 and v6.5 are vulnerable. Perl based payloads are recommended with this module. The vulnerability is only present when AllowToUpdateStatsFromBrowser is enabled in the AWStats configuration file (non-default).

tags | exploit, arbitrary, cgi, perl
advisories | CVE-2006-2237
SHA-256 | eacfafaff42c9aa135b638a8e9838be33a68a7ed46514068c7b106f69fe2ac10
AWStats configdir Remote Command Execution
Posted Oct 30, 2009
Authored by Matteo Cantoni

This Metasploit module exploits an arbitrary command execution vulnerability in the AWStats CGI script. iDEFENSE has confirmed that AWStats versions 6.1 and 6.2 are vulnerable.

tags | exploit, arbitrary, cgi
advisories | CVE-2005-0116
SHA-256 | c7fdffbbd0281a931ef1b75a62465cf757ccbfbbe17fe89aeaf55cb24d294f22
Mandriva Linux Security Advisory 2009-266
Posted Oct 12, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-266 - awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting attacks. This issue exists because of an incomplete fix for CVE-2008-3714. This update fixes this vulnerability.

tags | advisory, remote
systems | linux, mandriva
advisories | CVE-2008-5080
SHA-256 | d513d6585d954aa8f9ad1097ae4518509989e56a48d4b0ae1b39238d22ee7c07
Secunia Security Advisory 33002
Posted Dec 4, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, ubuntu
SHA-256 | 2b812b1a86bcde41ad366fb618c625a237e80afa0cd470c88ac3b8a957ac74fb
Ubuntu Security Notice 686-1
Posted Dec 4, 2008
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-686-1 - Morgan Todd discovered that AWStats did not correctly strip quotes from certain parameters, allowing for an XSS attack when running as a CGI. If a user was tricked by a remote attacker into following a specially crafted URL, the user's authentication information could be exposed for the domain where AWStats was hosted.

tags | advisory, remote, cgi
systems | linux, ubuntu
advisories | CVE-2008-3714
SHA-256 | 2eb76b150664bfb767c7b805ada7a25811f0ba6b60b9c581439cfecc83bbea92
Debian Linux Security Advisory 1679-1
Posted Dec 4, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1679-1 - Morgan Todd discovered a cross-site scripting vulnerability in awstats, a log file analyzer, involving the "config" request parameter (and possibly others; CVE-2008-3714).

tags | advisory, xss
systems | linux, debian
advisories | CVE-2008-3714
SHA-256 | 746179c9c18c61fe79754a380d3b3eb43f0d63f94f67ea297c8be3e0f8e75212
Secunia Security Advisory 32939
Posted Dec 3, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, debian
SHA-256 | 7bcd230a1a911842bb3bc2d3b6623191baac1b9d9643499affb0e8c0663daaba
Mandriva Linux Security Advisory 2008-203
Posted Sep 24, 2008
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - A cross-site scripting (XSS) vulnerability was found in AWStats that allowed remote attackers to inject arbitrary web script or HTML via the query_string. The updated packages have been patched to prevent this issue.

tags | advisory, remote, web, arbitrary, xss
systems | linux, mandriva
advisories | CVE-2008-3714
SHA-256 | f47b860ec3aa9c8ae3503e21cc32276294cbde918371b56a47fb1c54aeb23d3c
Secunia Security Advisory 31759
Posted Sep 11, 2008
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Fedora has issued an update for awstats. This fixes a vulnerability, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
systems | linux, fedora
SHA-256 | 174638714c1c8e8d93199bc4209a2b98ea413487b8b0a304a6253f15e34f8271
awstats-exec2.txt
Posted Sep 5, 2008
Authored by Ricardo Almeida

Remote code execution exploit with an interactive shell for AWStats Totals versions 1.0 through 1.14. Version 2 of this exploit. It now works with magic quotes on or off.

tags | exploit, remote, shell, code execution
SHA-256 | 3b52ceea44ad2a0fec9d4072836d6515accffb82e2d47a1bc2e4dfad4eabc746
© 2024 Packet Storm. All rights reserved.