CVE-2010-4368
https://notcve.org/view.php?id=CVE-2010-4368
awstats.cgi in AWStats before 7.0 on Windows accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located at a UNC share pathname.
• http://awstats.sourceforge.net/docs/awstats_changelog.txt
• http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
• http://www.kb.cert.org/vuls/id/870532
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-4367 – AWStats 6.x - Apache Tomcat Configuration File Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2010-4367
awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via a crafted configuration file located on a (1) WebDAV server or (2) NFS server.
• https://www.exploit-db.com/exploits/35035
• http://awstats.sourceforge.net/docs/awstats_changelog.txt
• http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
• CWE-94: Improper Control of Generation of Code ('Code Injection')
CVE-2010-4369
https://notcve.org/view.php?id=CVE-2010-4369
Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin directory.
• http://awstats.sourceforge.net/docs/awstats_changelog.txt
• http://secunia.com/advisories/43004
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:033
• http://www.securityfocus.com/bid/45210
• http://www.ubuntu.com/usn/USN-1047-1
• http://www.vupen.com/english/advisories/2011/0202
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')