• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Webmin/Usermin Unspecifed Information Disclosure Vulnerability

Webmin and Usermin are prone to an unspecified information-disclosure vulnerability. This issue is due to a failure in the applications to properly sanitize user-supplied input.

An attacker can exploit this issue to retrieve potentially sensitive information.

This issue affects Webmin versions prior to 1.290 and Usermin versions prior to 1.220.

Unconfirmed reports suggest that this issue is the same as the one discussed in BID 18613 (Webmin Remote Directory Traversal Vulnerability). However, the fixes associated with that issue did not completely solve the vulnerability.