11 matches found
Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
Webmin before 1.290 and Usermin before 1.220 contain a path traversal caused by calling the simplifypath function before decoding HTML, letting remote attackers read arbitrary files, exploit requires sending crafted '..%01' sequences. id: CVE-2006-3392 info: name: Webmin 1.290 / Usermin 1.220 -...
CVE-2006-3392
creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/webmin/filedisclosure.rb 2025-02-06 03:13:38+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:16+00:00| seen|...
Usermin 'miniserv.pl' Arbitrary File Disclosure
The Usermin install on the remote host is affected by an information disclosure flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C...
http-vuln-cve2006-3392 NSE Script
Exploits a file disclosure vulnerability in Webmin CVE-2006-3392 Webmin before 1.290 and Usermin before 1.220 calls the simplifypath function before decoding HTML. This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences to bypass the removal of "../"...
Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)
The remote host is missing updates announced in advisory GLSA 200608-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian Security Advisory DSA 1199-1 (webmin)
The remote host is missing an update to webmin announced via advisory DSA 1199-1. Several vulnerabilities have been identified in webmin, a web-based administration toolkit. CVE-2005-3912 A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing...
Webmin File Disclosure
A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error within the handling of an URL. This can be exploited to read the contents of any files on the...
[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems
------------------------------------------------------------------------ Debian Security Advisory DSA-1199-1 [email protected] http://www.debian.org/security/ Noah Meyerhans October 23, 2006 - ------------------------------------------------------------------------ Package : webmin...
CVE-2006-3392
Webmin before 1.290 and Usermin before 1.220 calls the simplifypath function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename...
CVE-2006-3392
CVE-2006-3392 affects Webmin (pre-1.290) and Usermin (pre-1.220). The issue arises when the server’s miniserv.pl sanitization path uses the simplify_path function before HTML decoding, allowing a remote attacker to read arbitrary files via specially crafted URLs (eg, using ..%01 sequences that b...
Webmin 'miniserv.pl' Arbitrary File Disclosure
The version of Webmin installed on the remote host is affected by an information disclosure flaw due to a flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user...