[VIM] Webmin traversal - changelog

George A. Theall theall at tenablesecurity.com
Tue Jul 11 09:55:44 EDT 2006

Heinbockel, Bill wrote:

> Is this (CVE-2006-3392) related to the recent posting on Bugtraq?
> http://www.securityfocus.com/archive/1/archive/1/439653/100/0/threaded
> which lists a directory traversal URL similar to that below:
> http://[url]/unauthenticated/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/[file]
> (the "/..%01" sequence is repeated 61 times).

Yes, it's *very* similar to the exploit I used when I wrote my Nessus
plugin to test for the original flaw:


That plugin was first published on 6/30.

theall at tenablesecurity.com
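
A log check for the request shape quoted above, added here as an example; it is not part of the original post or of the Nessus plugin it mentions. It generalizes from the literal `..%01` to any path segment that reduces to `..` once percent-decoding is applied and control bytes are dropped. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed sample lines in common log format; addresses and paths are made up,
# and "[file]" is the placeholder used in the quoted URL.
SAMPLE_LOG = """\
192.0.2.10 - - [11/Jul/2006:09:01:02 -0400] "GET /unauthenticated/..%01/..%01/..%01/[file] HTTP/1.0" 200 512
192.0.2.11 - - [11/Jul/2006:09:01:05 -0400] "GET /unauthenticated/images/logo.gif HTTP/1.0" 200 1024
192.0.2.12 - - [11/Jul/2006:09:01:09 -0400] "GET /session_login.cgi HTTP/1.0" 200 2048
192.0.2.13 - - [11/Jul/2006:09:01:11 -0400] "GET /unauthenticated/%2e%2e%01/x HTTP/1.0" 404 0
"""

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def dotdot_segments(path):
    """Count path segments equal to '..' after percent-decoding and
    removing control bytes (0x00-0x1f and 0x7f)."""
    path = path.split("?", 1)[0]          # ignore the query string
    count = 0
    for segment in path.split("/"):
        decoded = unquote_to_bytes(segment)
        printable = bytes(b for b in decoded if b >= 0x20 and b != 0x7F)
        if printable == b"..":
            count += 1
    return count


def scan(log_text):
    """Return (line number, '..' segment count, raw path) for suspicious requests."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        count = dotdot_segments(match.group(1))
        if count:
            hits.append((lineno, count, match.group(1)))
    return hits


if __name__ == "__main__":
    for lineno, count, path in scan(SAMPLE_LOG):
        print(f"line {lineno}: {count} parent-directory segment(s) in {path}")
```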
