CVE-2006-4542
Published: Sep 5, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| JVN#99776858 | third-party-advisory, x_refsource_JVN |
| 19820 | vdb-entry, x_refsource_BID |
| 22114 | third-party-advisory, x_refsource_SECUNIA |
| ADV-2006-3424 | vdb-entry, x_refsource_VUPEN |
| 21690 | third-party-advisory, x_refsource_SECUNIA |
| DSA-1199 | vendor-advisory, x_refsource_DEBIAN |
| 28338 | vdb-entry, x_refsource_OSVDB |
| 22087 | third-party-advisory, x_refsource_SECUNIA |
| 28337 | vdb-entry, x_refsource_OSVDB |
| MDKSA-2006:170 | vendor-advisory, x_refsource_MANDRIVA |
| 1016776 | vdb-entry, x_refsource_SECTRACK |
| http://webmin.com/security.html | x_refsource_CONFIRM |
| 22556 | third-party-advisory, x_refsource_SECUNIA |
| 1016777 | vdb-entry, x_refsource_SECTRACK |
| webmin-usermin-source-disclosure(28699) | vdb-entry, x_refsource_XF |