Bug#365909: Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability
exists also with the 'diricons' parameter
Hendrik Weimer
hendrik at enyo.de
Fri May 12 11:58:13 UTC 2006
Martin Schulze <joey at infodrom.org> writes:
> How can the diricons and config parameters be exploited? From a quick
> glance I can't find an open associated with $DirIcons.
The diricons issue is a XSS vulnerability. It has nothing to do with
the two other holes (which lead to arbitrary code execution) other
than they all are a case of missing input sanitizing.
Hendrik
More information about the Pkg-awstats-devel
mailing list