Search CVE reports


1 – 10 of 25 results


CVE-2022-46391

Low priority
Fixed

AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats Fixed Fixed Fixed Fixed

CVE-2020-35176

Low priority
Fixed

In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists...

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats Not affected Fixed Fixed Fixed

CVE-2020-29600

Low priority
Fixed

In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for...

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats Not affected Fixed Fixed Fixed

CVE-2018-10245

Negligible priority
Needs evaluation

A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining the full path of the server, a similar issue to CVE-2006-3682. The attack can, for example,...

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2017-1000501

Medium priority
Fixed

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats Fixed

CVE-2012-4547

Medium priority
Not affected

Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats

CVE-2010-4368

Medium priority
Not affected

awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats

CVE-2010-4367

Medium priority
Not affected

awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats

CVE-2009-5020

Medium priority
Not affected

Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats

CVE-2010-4369

Medium priority
Fixed

Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.

1 affected package

awstats

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
awstats