security hole recently found in AWStats ⇒ News ⇒ CPG Dragonfly™ CMS

security hole recently found in AWStats

Posted by NanoCaiordo on 2005-03-04 20:49:51 (38309 views)

Warning, a security hole was recently found in AWStats versions from 5.0 to 6.2 when AWStats is used as a CGI: A remote user can execute arbitrary commands on your server using permissions of your web server user (in most cases user "nobody"). If you use AWStats with another version or is not available as a CGI, you are safe. If not, it is highly recommanded to upgrade to 6.4 version that fix all known security holes. info source

Comments

by Angular

on Friday, March 4, 2005 (22:04:03)

I got version Advanced Web Statistics 6.3 (build 1.800)

Is this one not affected as it doesn't get mentioned?

by NanoCaiordo

on Saturday, March 5, 2005 (14:00:16)

it said from 5.0 to 6.2

Reply Anonymous ( Login | Register )

Related Links

More about Security

Most read story about Security:
security hole recently found in AWStats

Article Rating

Average Score: 4
Votes: 1
★★★★
Please take a second and vote for this article:

User Info

Welcome Anonymous

Community

Support for DragonflyCMS in a other languages:

• Deutsch
• Español

Mercurial Commits

· Revert: a TPL change created "Unable to find variable" when only checking if exists
· Added: somesort of Grimpow's feature request in https://dragonflycms.org/Forums/viewtopic/t=25701.html
· Merge some Poodle updates
· Get rid of Fix_Quotes
· I think almost everything is now converted to L10N system
· Added: L10N->sprintf($var, $arg...) Added: detect isEmptyElement in TPL XML chunk parser Prepare: more language strings Strip: type="text/javascript" as it is not needed in HTML5
· Added: JavaScript syntaxhighlighter "cli" mode Bugfix: add back missing _BREADCRUMB language string Change: _BC_DELIM define to config setting
· Prepare: language strings Removed: Yahoo Messenger
· Prepare: all 'defined' language strings references to new L10N system (except coppermine)
· Added: MailboX verification due to Microsoft keep banning IP's Now visitors with a hotmail/outlook account can't register as the e-mails will never arrive anyway

read more...

All content of this website is copyrighted by the Creative Commons NC-SA
The logos and trademarks used on this site are the property of their respective owners
We are not responsible for comments posted by our users, as they are the property of the poster.
Our server runs on 2 × 2.4 Ghz @ 60% with 2048 MB RAM with no accelerators

Interactive software released under GNU GPL, Code Credits, Privacy Policy