CVE-2006-3392 – Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2006-3392
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. Las aplicaciones Webmin antes de su versión 1.290 y Usermin antes de la 1.220 llaman a la función simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias "..% 01", evitando de esta manera la supresión del nombre de fichero de las secuencias "../" anteriores a octetos del estilo de "%01". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274. • https://www.exploit-db.com/exploits/2017 https://www.exploit-db.com/exploits/1997 https://github.com/IvanGlinkin/CVE-2006-3392 https://github.com/MrEmpy/CVE-2006-3392 https://github.com/g1vi/CVE-2006-3392 https://github.com/Adel-kaka-dz/CVE-2006-3392 https://github.com/0xtz/CVE-2006-3392 https://github.com/kernel-cyber/CVE-2006-3392 http://attrition.org/pipermail/vim/2006-July/000923.html http://attrition.org/pipermail/vim/2006-June/000912.html http:/ •
CVE-2006-3274
https://notcve.org/view.php?id=CVE-2006-3274
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. Vulnerabilidad de salto de directorio en versiones de Webmin anteriores a la v1.280, cuando se ejecuta en Windows, permite a atacantes remotos leer ficheros arbitrarios a través del carácter \ (barra invertida) en la URL a determinados directorios bajo la raíz Web, tales como el directorio de imagenes. • http://jvn.jp/jp/JVN%2367974490/index.html http://secunia.com/advisories/20777 http://securityreason.com/securityalert/1161 http://securitytracker.com/id?1016375 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html http://www.securityfocus.com/archive/1/438149/100/0/threaded http://www.securityfocus.com/bid/18613 http://www.vupen.com/english/advisories/2006/2493 http://www.webmin.com/changes.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27366 •