FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
4055aee5-f4c6-11e7-95f2-005056925db4 | awstats -- remote code execution

Mitre reports:

Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution.


Discovery 2018-01-03
Entry 2018-01-08
awstats
< 7.7,1

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
CVE-2017-1000501
ports/225007
ce6ce2f8-34ac-11e0-8103-00215c6a37bb | awstats -- arbitrary commands execution vulnerability

Awstats change log reports:

  • Security fix (Traverse directory of LoadPlugin)
  • Security fix (Limit config to defined directory to avoid access to external config file via a nfs or webdav link).

Discovery 2010-05-01
Entry 2011-02-10
awstats
< 7.0,1

awstats-devel
gt 0

CVE-2010-4367
http://www.exploitdevelopment.com/Vulnerabilities/2010-WEB-001.html
http://awstats.sourceforge.net/docs/awstats_changelog.txt
27d78386-d35f-11dd-b800-001b77d09812 | awstats -- multiple XSS vulnerabilities

Secunia reports:

Morgan Todd has discovered a vulnerability in AWStats, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed in the URL to awstats.pl is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires that the application is running as a CGI script.


Discovery 2008-03-12
Entry 2009-01-04
awstats
< 6.9,1

awstats-devel
gt 0

CVE-2008-3714
CVE-2008-5080
http://secunia.com/advisories/31519
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432