Debian Awstats vulnerabilities

26 known vulnerabilities affecting debian/awstats.

Total CVEs
26
CISA KEV
0
Public exploits
12
Exploited in wild
0
Severity breakdown
CRITICAL3HIGH4MEDIUM8LOW11

Vulnerabilities

Page 2 of 2
CVE-2005-0363HIGHCVSS 7.5fixed in awstats 6.2-1.2 (bookworm)2005
CVE-2005-0363 [HIGH] CVE-2005-0363: awstats - awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary c... awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter. Scope: local bookworm: resolved (fixed in 6.2-1.2) bullseye: resolved (fixed in 6.2-1.2) forky: resolved (fixed in 6.2-1.2) sid: resolved (fixed in 6.2-1.2) trixie: resolved (fixed in 6.2-1.2)
debian
CVE-2005-0436HIGHCVSS 7.5PoCfixed in awstats 6.3-1 (bookworm)2005
CVE-2005-0436 [HIGH] CVE-2005-0436: awstats - Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows ... Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. Scope: local bookworm: resolved (fixed in 6.3-1) bullseye: resolved (fixed in 6.3-1) forky: resolved (fixed in 6.3-1) sid: resolved (fixed in 6.3-1) trixie: resolved (fixed in 6.3-1)
debian
CVE-2005-0435MEDIUMCVSS 5.0PoCfixed in awstats 6.3-1 (bookworm)2005
CVE-2005-0435 [MEDIUM] CVE-2005-0435: awstats - awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web log... awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. Scope: local bookworm: resolved (fixed in 6.3-1) bullseye: resolved (fixed in 6.3-1) forky: resolved (fixed in 6.3-1) sid: resolved (fixed in 6.3-1) trixie: resolved (fixed in 6.3-1)
debian
CVE-2005-0362MEDIUMCVSS 4.6fixed in awstats 6.2-1.2 (bookworm)2005
CVE-2005-0362 [MEDIUM] CVE-2005-0362: awstats - awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands ... awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. Scope: local bookworm: resolved (fixed in 6.2-1.2) bullseye: resolved (fixed in 6.2-1.2) forky: resolved (fixed in 6.2-1.2) sid: resolved (fixed in 6.2-1.2) trixie: resolved (fixed in 6.
debian
CVE-2005-1527MEDIUMCVSS 5.0fixed in awstats 6.4-1.1 (bookworm)2005
CVE-2005-1527 [MEDIUM] CVE-2005-1527: awstats - Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a UR... Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. Scope: local bookworm: resolved (fixed in 6.4-1.1) bullseye: resolved (fixed in 6.4-1.1) forky: resolved (fixed
debian
CVE-2005-0438MEDIUMCVSS 5.0PoCfixed in awstats 6.3-1 (bookworm)2005
CVE-2005-0438 [MEDIUM] CVE-2005-0438: awstats - awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive in... awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. Scope: local bookworm: resolved (fixed in 6.3-1) bullseye: resolved (fixed in 6.3-1) forky: resolved (fixed in 6.3-1) sid: resolved (fixed in 6.3-1) trixie: resolved (fixed in 6.3-1)
debian
← Previous2 / 2