paul Posted September 28, 2006 Report Share Posted September 28, 2006 Webmin before 1.296 and Usermin before 1.226 does not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. Updated packages have been patched to correct this issue. Update: Packages are now available for Mandriva Linux 2007. Link to comment Share on other sites More sharing options...
Recommended Posts