Package: webmin
Severity: grave
Tags: security
Justification: user security hole

Webmin in sarge is probably vulnerable to CVE-2006-4542:

Webmin before 1.296 and Usermin before 1.226 do not properly handle a
URL with a null ("%00") character, which allows remote attackers to
conduct cross-site scripting (XSS), read CGI program source code, list
directories, and possibly execute programs.