7 matches found
Mandriva Update for webmin MDKSA-2007:135 (webmin)
Check for the Version of webmin OpenVAS Vulnerability Test Mandriva Update for webmin MDKSA-2007:135 webmin Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
GLSA-200707-05 : Webmin, Usermin: XSS vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200707-05 Webmin, Usermin: XSS vulnerabilities The pamlogin.cgi file does not properly sanitize user input before sending it back as output to the user. Impact : An unauthenticated attacker could entice a user to browse a speciall...
Webmin pam_login.cgis远程跨站脚本执行漏洞
BUGTRAQ ID: 24381 CVECAN ID: CVE-2007-3156 Webmin是一款基于WEB的Unix和Linux操作系统管理界面。 Webmin的pamlogin.cgi文件中存在多个跨站脚本漏洞,如果用户受骗访问了恶意网页的话,远程攻击者就可以通过cid、message或question参数向用户浏览器会话注入并执行任意脚本。 Webmin Webmin 1.340 Webmin Usermin 1.270 Webmin ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Webmin, Usermin: Cross-site scripting vulnerabilities
Background Webmin is a web-based administrative interface for Unix-like systems. Usermin is a simplified version of Webmin designed for use by normal users rather than system administrators. Description The pamlogin.cgi file does not properly sanitize user input before sending it back as output t...
[ MDKSA-2007:135 ] - Updated webmin packages fix XSS vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:135 http://www.mandriva.com/security/ Package : webmin Date : June 23, 2007 Affected: 2007.0, 2007.1, Corporate 4.0 Problem Description: Multiple cross-site scripting XSS vulnerabilities were discovered in...
Webmin Pam_Login.CGI多个未明跨站脚本漏洞
Webmin是一款基于WEB的用户管理程序。 Webmin包含的pamlogin.cgi存在跨站脚本问题,远程攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 Webmin Webmin 1.340 升级程序: Webmin Webmin 1.340 Webmin webmin-1.350.tar.gz http://prdownloads.sourceforge.net/webadmin/webmin-1.350.tar.gz...
webmin -- cross site scripting vulnerability
Secunia reports: Input passed to unspecified parameters in pamlogin.cgi is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...