[VIM] Webmin traversal - changelog
security curmudgeon
jericho at attrition.org
Fri Jun 30 16:39:52 EDT 2006
http://www.webmin.com/changes.html
Version 1.290 (29 June 2006)
Fixed a security hole that would allow a remote attacker to view any file
on the system.
Version 1.280 (16 June 2006)
Fixed a security hole that allows remote viewing of any file on the system
when Webmin is run on a Windows server.
--
Multiple guess!
a) Not properly fixed the first time
b) Originally thought to be Windows only, then discovered works on Unix
c) Completely seperate issues/scripts
More information about the VIM
mailing list