pkg:Debian/awstats
35 total CVEsCRITICAL5HIGH2MEDIUM4
✅ Check your installed version
All known vulnerabilities
- from 0, < 7.8-1
- from 0, < 7.6+dfsg-1+deb9u2
- from 0, < 7.0~dfsg-7+deb7u1
- from 0, < 7.2+dfsg-1+deb8u1
- from 0, < 7.6+dfsg-2
- from 0, < 7.8-2+deb11u2
- from 0, < 7.8-2+deb11u2
- from 0, < 7.8-2+deb11u1
- from 0, < 7.6+dfsg-2+deb10u2
- MEDIUM5.3CVE-2020-35176In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was inte…from 0, < 7.8-2
- MEDIUM5.3CVE-2018-10245A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining t…from 0
- —CVE-2012-4547Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.from 0, < 7.1~dfsg-1
- —CVE-2010-4369Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin dire…from 0, < 6.9.5~dfsg-5
- —CVE-2010-4367awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via…from 0, < 6.9.5~dfsg-5
- —CVE-2009-5020Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and condu…from 0, < 6.9.5~dfsg-1
- —CVE-2008-5080awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site script…from 0, < 6.7.dfsg-5.1
- from 0, < 6.5+dfsg-1+etch1
- from 0, < 6.7.dfsg-5.1
- —CVE-2006-3682awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode…from 0, < 6.5-2
- —CVE-2006-3681Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject a…from 0, < 6.5-2
- —CVE-2006-2644AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to a…from 0, < 6.5-2
- from 0, < 6.4-1sarge2
- from 0, < 6.5-2
- from 0, < 6.4-1sarge3
- from 0, < 6.5-2
- from 0, < 6.4-1sarge1
- from 0, < 6.4-1.1
- from 0, < 6.2-1.2
- from 0, < 4.0-0.woody.2
- —CVE-2005-0436Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the P…from 0, < 6.3-1
- —CVE-2005-0435awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to ra…from 0, < 6.3-1
- —CVE-2005-0437Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via ..from 0, < 6.3-1
- —CVE-2005-0438awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.from 0, < 6.3-1
- —CVE-2005-0362awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "load…from 0, < 6.2-1.2
- —CVE-2005-0116AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir…from 0, < 6.2-1.1