Heads up to everyone who maintains their own copy of awstats: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1527 Versions 6.4 of Awstats and below are vulnerable to a remote code execution exploit. For what it's worth, I've just upgraded to 6.5 on ~ 60 sites, all without a hitch.