VYPR

Awstats

by AWStats

Source repositories

CVEs (25)

  • CVE-2005-2732Aug 30, 2005
    risk 0.00cvss epss 0.02

    AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message.

  • CVE-2005-1527Aug 15, 2005
    risk 0.00cvss epss 0.03

    Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

  • CVE-2005-0363May 2, 2005
    risk 0.00cvss epss 0.02

    awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.

  • CVE-2005-0437May 2, 2005
    risk 0.00cvss epss 0.02

    Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter.

  • CVE-2005-0362Feb 9, 2005
    risk 0.00cvss epss 0.02

    awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters.

Page 2 of 2