Vulnerabilities > Awstats > Awstats > 6.4
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-08 | CVE-2006-2237 | Remote Arbitrary Command Execution vulnerability in Awstats 6.4/6.5 The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter. | 5.1 |
| 2006-04-20 | CVE-2006-1945 | Cross-Site Scripting vulnerability in AWStats AWstats.PL Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter. | 2.6 |
| 2005-08-30 | CVE-2005-2732 | Information Disclosure vulnerability in AWStats AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. | 5.0 |
| 2005-05-02 | CVE-2005-0438 | Information Disclosure vulnerability in Awstats 6.3/6.4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter. | 5.0 |
| 2005-05-02 | CVE-2005-0437 | Directory Traversal vulnerability in Awstats 6.3/6.4 Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via .. | 7.5 |
| 2005-05-02 | CVE-2005-0436 | Remote Security vulnerability in Awstats 6.3/6.4 Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter. | 7.5 |
| 2005-05-02 | CVE-2005-0435 | Remote Security vulnerability in Awstats 6.3/6.4 awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog. | 5.0 |