CVE-2006-3274 | Vulnerability Database | Aqua Security

Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via (backslash) characters in the URL to certain directories under the web root, such as the image directory.

Affected Software

Name	Vendor	Start Version	End Version
Webmin	Webmin	*	1.2.70 (including)
Webmin	Webmin	1.2.30 (including)	1.2.30 (including)
Webmin	Webmin	1.2.40 (including)	1.2.40 (including)
Webmin	Webmin	1.2.50 (including)	1.2.50 (including)
Webmin	Webmin	1.2.60 (including)	1.2.60 (including)

References

http://jvn.jp/jp/JVN%2367974490/index.html
http://secunia.com/advisories/20777
http://securityreason.com/securityalert/1161
http://securitytracker.com/id?1016375
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
http://www.securityfocus.com/archive/1/438149/100/0/threaded
http://www.securityfocus.com/bid/18613
http://www.vupen.com/english/advisories/2006/2493
http://www.webmin.com/changes.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/27366
http://jvn.jp/jp/JVN%2367974490/index.html
http://secunia.com/advisories/20777
http://securityreason.com/securityalert/1161
http://securitytracker.com/id?1016375
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html
http://www.securityfocus.com/archive/1/438149/100/0/threaded
http://www.securityfocus.com/bid/18613
http://www.vupen.com/english/advisories/2006/2493
http://www.webmin.com/changes.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/27366

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3274
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html