CVSS: 7.5EPSS: 4%CPEs: 2EXPL: 2CVE-2005-0435 – AWStats 6.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0435
15 Feb 2005 — awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. • https://www.exploit-db.com/exploits/817 •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 2CVE-2005-0437
https://notcve.org/view.php?id=CVE-2005-0437
15 Feb 2005 — Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. (dot dot) sequences in the loadplugin parameter. • http://secunia.com/advisories/14299 •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 2CVE-2005-0436 – AWStats 6.4 - Denial of Service
https://notcve.org/view.php?id=CVE-2005-0436
15 Feb 2005 — Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. • https://www.exploit-db.com/exploits/817 •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2005-0362
https://notcve.org/view.php?id=CVE-2005-0362
09 Feb 2005 — awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "loadplugin", or (3) "noloadplugin" parameters. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488 •
CVSS: 9.8EPSS: 91%CPEs: 1EXPL: 6CVE-2005-0116 – AWStats configdir Remote Command Execution
https://notcve.org/view.php?id=CVE-2005-0116
18 Jan 2005 — AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl. The workaround provided to fix the AWStats flaw in versions 6.2 and below fails to properly block remote command execution. • https://packetstorm.news/files/id/82351 • CWE-20: Improper Input Validation •