CVE-2005-0116 - Asquint Leakage

Description

AWStats 6.1 and other versions before 6.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

Reference

http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false http://awstats.sourceforge.net/docs/awstats_changelog.txt http://www.kb.cert.org/vuls/id/272296 http://secunia.com/advisories/13893/ http://www.osvdb.org/13002 http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf http://www.securityfocus.com/bid/12298