Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Dec 2017 09:21:41 -0600
From: John Lightsey <>
Subject: Path traversal flaws in awstats 7.6 and earlier.

Hi there,

The cPanel Security Team discovered two path traversal flaws in awstats
that could be leveraged for unauthenticated remote code execution. Both
issues have been submitted to the DWF CVE request page at

Path traversal in the "config" parameter:

Path traversal in the "migrate" parameter:

Download attachment "smime.p7s" of type "application/pkcs7-signature" (3982 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ