{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-06-16T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded"}, {"name": "webmin-backslash-directory-traversal(27366)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.webmin.com/changes.html"}, {"name": "1161", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1161"}, {"name": "1016375", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016375"}, {"name": "20777", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20777"}, {"name": "ADV-2006-2493", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2493"}, {"name": "JVN#67974490", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/jp/JVN%2367974490/index.html"}, {"name": "18613", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/18613"}, {"tags": ["x_refsource_MISC"], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3274", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded"}, {"name": "webmin-backslash-directory-traversal(27366)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366"}, {"name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html"}, {"name": "1161", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1161"}, {"name": "1016375", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016375"}, {"name": "20777", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20777"}, {"name": "ADV-2006-2493", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2493"}, {"name": "JVN#67974490", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2367974490/index.html"}, {"name": "18613", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18613"}, {"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3274", "datePublished": "2006-06-28T22:00:00", "dateReserved": "2006-06-28T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "72A55881-A6A1-47F7-BEE5-E27981B2FE36", "versionEndIncluding": "1.2.70", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true}, {"criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en versiones de Webmin anteriores a la v1.280, cuando se ejecuta en Windows, permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s del car\u00e1cter \\ (barra invertida) en la URL a determinados directorios bajo la ra\u00edz Web, tales como el directorio de imagenes."}], "evaluatorSolution": "Update to version 1.280.", "id": "CVE-2006-3274", "lastModified": "2018-10-18T16:46:32.517", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-06-28T22:05:00.000", "references": [{"source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2367974490/index.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/20777"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1161"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016375"}, {"source": "cve@mitre.org", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18613"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2493"}, {"source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}