Filtered by vendor Awstats
Subscribe
Total
25 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2006-2644 | 1 Awstats | 1 Awstats | 2024-02-28 | 4.0 MEDIUM | N/A |
AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to awstats.pl to upload a configuration file whose name contains shell metacharacters, then access that file using the LogFile directive. | |||||
CVE-2006-3682 | 1 Awstats | 1 Awstats | 2024-02-28 | 5.0 MEDIUM | N/A |
awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. | |||||
CVE-2005-1527 | 3 Awstats, Canonical, Debian | 3 Awstats, Ubuntu Linux, Debian Linux | 2024-02-28 | 5.0 MEDIUM | N/A |
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. | |||||
CVE-2006-3681 | 1 Awstats | 1 Awstats | 2024-02-28 | 2.6 LOW | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. | |||||
CVE-2005-0435 | 1 Awstats | 1 Awstats | 2024-02-28 | 5.0 MEDIUM | N/A |
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. |