Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Awstats
(Awstats)| Repositories | https://github.com/eldy/awstats |
| #Vulnerabilities | 25 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-05-08 | CVE-2006-2237 | The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. | Awstats | N/A | ||
| 2006-04-20 | CVE-2006-1945 | Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. NOTE: this might be the same core issue as CVE-2005-2732. | Awstats | N/A | ||
| 2005-08-30 | CVE-2005-2732 | AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | Awstats | N/A | ||
| 2005-05-02 | CVE-2005-0438 | awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | Awstats | N/A | ||
| 2005-05-02 | CVE-2005-0437 | Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. | Awstats | N/A | ||
| 2005-05-02 | CVE-2005-0436 | Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | Awstats | N/A | ||
| 2005-05-02 | CVE-2005-0435 | awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | Awstats | N/A | ||
| 2005-05-02 | CVE-2005-0363 | awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. | Awstats | N/A | ||
| 2005-02-09 | CVE-2005-0362 | awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. | Awstats | N/A | ||
| 2005-01-18 | CVE-2005-0116 | AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. | Awstats | N/A |