CVE-2006-3274

Published: 28/06/2006 Updated: 18/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Directory traversal vulnerability in Webmin prior to 1.280, when run on Windows, allows remote malicious users to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.

Vulnerable Product

webmin webmin 1.2.40

webmin webmin 1.2.50

webmin webmin 1.2.30

webmin webmin 1.2.60

webmin webmin

Github Repositories

CVE-2006-3392. Description: Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different

Webmin < 1.290 / Usermin < 1.220 - Arbitrary file disclosure

CVE-2006-3392 www.cvedetails.com/cve/CVE-2006-3392/ Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the fi