#Awstats configdir remote command execution code
Arbitrary PHP Code Execution AWStats on Windows awstats.cgi configdir.
+- configdir option was broken on windows servers (Pb on Sanitize function. NET editbug.aspx Multiple Parameter SQL Injection CVE-2010-3267 BugTracker. CVE-2005-0116 AWStats 6.1, and other versions before 6. This can lead to further compromise as it provides remote attackers with local access. + To run awstats, from command line, your operating system must be able. Combo is vulnerable to an input validation error which allows remote users to execute arbitrary commands on the. Remote exploitation of an input validation vulnerability in AWStats allows attackers to execute arbitrary commands under the privileges of the web server. in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) 'pluginmode', (2) 'loadplugin', or (3) 'noloadplugin' parameters. Sarge and sid are afected The two ones know as -configdir -update are solved in this version but there is another one called -pluginmode And i have. , "cvelist":, "modified": "T00:00:00", "id": "OPENVAS:52186", "href": "", "sourceData": "#\n#VID fdad8a87-7f94-11d9-a9e7-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke \n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. Analysis: Successful exploitation allows remote attackers to execute arbitrary commands under the privileges of the web server. Package: awstats Version: 6.2-1.1 Severity: grave Tags: security Justification: user security hole The arbitrary command execution problem in the 6.2 release is composed of several vulnerabilities.
0 kommentar(er)
