kickgasil.blogg.se

This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities. Necessarily indicate when this vulnerability wasĭiscovered, shared with the affected vendor, publicly The CVE ID was allocated or reserved, and does not XF:awstats-migrate-command-execution(26287)ĭisclaimer: The record creation date may reflect when.Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. AWSTATS DATA FILE 6.8 (build 1.910) If you remove this file. NOTE: this issue exists because of an incomplete fix for CVE-2008-3714.The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. # in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the query_string parameter. # Cross-site scripting (XSS) vulnerability in in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945. Multiple cross-site scripting (XSS) vulnerabilities in in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE. # Multiple cross-site scripting (XSS) vulnerabilities in in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) refererpagesfilter, (2) refererpagesfilterex, (3) urlfilterex, (4) urlfilter, (5) hostfilter, or (6) hostfilterex parameters, a different set of vectors than CVE-2006-1945. # in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters. If version_number < 6.5 or (version_number = 6.5 and version_build<=1.857 )

Results.each do |result| versions = 6.1 and version_number = 6.3 and version_number = 6.4 and version_number = 6.4 and version_number <= 6.5 #Advanced Web Statistics 5.5 (build 1.500) - Created by awstats # this is in ?framename=mainright and there's on version info in / for 5.5

#Advanced Web Statistics 3.1 (build 41) - Created by awstats package docs Summary: AWStats documentation set Group: Monitoring. # 676,000 for inurl:awstats ext:pl +intitle:"Statistics for" 'intitle:"statistics of" "advanced web statistics"' 'inurl:awstats ext:pl intitle:"Statistics for"' , # web site for more information on licensing and terms of use.ĭescription "AWStats - Free log file analyzer for advanced statistics (GNU GPL)." # redistribution and commercial restrictions. FAQ-ABO100 : WHICH SERVER LOG FILES OR OS ARE SUPPORTED AWStats can works with : All web server able to write log file with a combined log format (XLF/ELF) like Apache, a common log format (CLF) like Apache or Squid, a W3C log format like IIS 5.0 or higher, or any other log format that contains all information AWStats expect to find. Upgrade to the latest version of AWStats (6.4 or later), as available from the. # This file is part of WhatWeb and may be subject to AWStats could allow a remote attacker to execute arbitrary commands. Confidentiality Impact: Partial (There is considerable informational disclosure.): Integrity Impact: None (There is no impact to the integrity of the system): Availability Impact: None (There is no impact to the availability of the system.): Access Complexity: Low (Specialized access conditions or extenuating circumstances do not exist.