CVE-2006-4542 Information

Description

Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\00) character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.

Reference

http://jvn.jp/jp/JVN2399776858/index.html
http://secunia.com/advisories/21690
http://secunia.com/advisories/22087
http://secunia.com/advisories/22114
http://secunia.com/advisories/22556
http://securitytracker.com/id?1016776
http://securitytracker.com/id?1016777
http://webmin.com/security.html
http://www.debian.org/security/2006/dsa-1199
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
http://www.osvdb.org/28337
http://www.osvdb.org/28338
http://www.securityfocus.com/bid/19820
http://www.vupen.com/english/advisories/2006/3424
https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
