from 0, < 7.8-1
from 0, < 7.6+dfsg-1+deb9u2
from 0, < 7.0~dfsg-7+deb7u1
CRITICAL9.8awstats - security update
from 0, < 7.2+dfsg-1+deb8u1
CRITICAL9.8awstats - security update
from 0, < 7.6+dfsg-2
HIGH7.8awstats - security update
from 0, < 7.8-2+deb11u2
HIGH7.8awstats - security update
from 0, < 7.8-2+deb11u2
MEDIUM6.1awstats - security update
from 0, < 7.8-2+deb11u1
MEDIUM6.1awstats - security update
from 0, < 7.6+dfsg-2+deb10u2
MEDIUM5.3In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was inte…
from 0, < 7.8-2
MEDIUM5.3A Full Path Disclosure vulnerability in AWStats through 7.6 allows remote attackers to know where the config file is allocated, obtaining t…
from 0
—Unspecified vulnerability in awredir.pl in AWStats before 7.1 has unknown impact and attack vectors.
from 0, < 7.1~dfsg-1
—Directory traversal vulnerability in AWStats before 7.0 allows remote attackers to have an unspecified impact via a crafted LoadPlugin dire…
from 0, < 6.9.5~dfsg-5
—awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the URL, which allows remote attackers to execute arbitrary commands via…
from 0, < 6.9.5~dfsg-5
—Open redirect vulnerability in awredir.pl in AWStats before 6.95 allows remote attackers to redirect users to arbitrary web sites and condu…
from 0, < 6.9.5~dfsg-1
—awstats.pl in AWStats 6.8 and earlier does not properly remove quote characters, which allows remote attackers to conduct cross-site script…
from 0, < 6.7.dfsg-5.1
—awstats - cross-site scripting
from 0, < 6.5+dfsg-1+etch1
—awstats - cross-site scripting
from 0, < 6.7.dfsg-5.1
—awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode…
from 0, < 6.5-2
—Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject a…
from 0, < 6.5-2
—AWStats 6.5, and possibly other versions, allows remote authenticated users to execute arbitrary code by using the configdir parameter to a…
from 0, < 6.5-2
—awstats - missing input sanitising
from 0, < 6.4-1sarge2
—awstats - missing input sanitising
from 0, < 6.5-2
—awstats - programming error
from 0, < 6.4-1sarge3
—awstats - programming error
from 0, < 6.5-2
—awstats - missing input sanitising
from 0, < 6.4-1sarge1
—awstats - missing input sanitising
from 0, < 6.4-1.1
—awstats - missing input sanitising
from 0, < 6.2-1.2
—awstats - missing input sanitising
from 0, < 4.0-0.woody.2
—Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the P…
from 0, < 6.3-1
—awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to ra…
from 0, < 6.3-1
—Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via ..
from 0, < 6.3-1
—awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.
from 0, < 6.3-1
—awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) "pluginmode", (2) "load…
from 0, < 6.2-1.2
—AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir…
from 0, < 6.2-1.1