| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <810f38150607101502v3d6493c3iaff15e31643bfdae@mail.gmail.com> Date: Mon, 10 Jul 2006 18:02:44 -0400 From: "José Parrella" <joseparrella@...il.com> To: "Alexander Hristov" <joffer@...il.com> Cc: bugtraq@...urityfocus.com, "Full Disclosure" <full-disclosure@...ts.grok.org.uk> Subject: Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit On 7/9/06, Alexander Hristov <joffer@...il.com> wrote: > Name : Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit > Link : http://securitydot.net/xpl/exploits/vulnerabilities/articles/1152/exploit.html > Date : 2006-06-30 > Patch : update to version 1.290 > Advisory : http://securitydot.net/vuln/exploits/vulnerabilities/articles/17885/vuln.html Has anyone tested this? I've just tested this in Webmin 1.180 (Debian 3.1, package revision number 3) and didn't work (I had to explicitly allow the attacker IP to the miniserv.conf, which is not the default configuration in Debian and, I think, in Webmin's original tar.gz) Jose
Powered by blists - more mailing lists