![]() ![]() Name : The remote web server contains a CGI script that allows execution of arbitrar.įile : awstats_configdir.\n\n\ninclude(\"audit.inc\") \ninclude(\"freebsd_package. Name : The remote Gentoo host is missing one or more security-related patches.įile : gentoo_GLSA-200501-36.nasl - Type : ACT_GATHER_INFO Name : The remote Debian host is missing a security-related update.įile : debian_DSA-682.nasl - Type : ACT_GATHER_INFO Problem Insufficient validation of the configdir parameter before being used in a PERL. Name : The remote FreeBSD host is missing a security-related update.įile : freebsd_pkg_0f5a2b4d694b11d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFOįile : freebsd_pkg_fdad8a877f9411d9a9e70001020eed82.nasl - Type : ACT_GATHER_INFO Added: CVE: CVE-2005-0116 BID: 12298 OSVDB: 13002 Background AWStats is a web application for showing web, FTP, and mail server statistics. Such input is not santitized before being passed to the perl 'open()' command to be executed.Ī configdir command injection attempt RuleID : 50882 - Revision :Ī configdir command injection attempt RuleID : 50881 - Revision :Ī configdir command injection attempt RuleID : 50880 - Revision :Ī configdir command injection attempt RuleID : 3813 - Revision : The issue is triggered when using the pipe character (|) and shell metacaracters in the 'configdir' variable of the script. It is possible that the flaw may allow execution of arbitrary commands under the web server privileges resulting in a loss of integrity.ĪWStats configdir Parameter Arbitrary Command ExecutionĪWStats contains a flaw that may allow a malicious user to issue arbitray commands under the web server privileges. ![]() The issue is triggered when providing shell meta-characters to the "pluginmode", "loadplugin", or "noloadplugin" variables of the script. Open Source Vulnerability Database (OSVDB) IdĪWStats Multiple Parameter Shell Metacharacter Arbitrary Command E.ĪWStats contains several flaws that may allow a malicious user to execute arbitrary code. Name : Debian Security Advisory DSA 682-1 (awstats) Name : Gentoo Security Advisory GLSA 200501-36 (awstats)
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |