CVE-2008-2939 - (Medium) :
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache
2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and
earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards
in a pathname in an FTP URI.
Note: After some upstream versioning limbo, this is the official first release
of argus 3.0 considered to be an release-candidate. Bug fixes for this
version will make its way into the upcoming 3.0.1!
Note: After some upstream versioning limbo, this is the official first release
of argus 3.0 considered to be an release-candidate. Bug fixes for this
version will make its way into the upcoming 3.0.1!
CVE-2008-1720 (High) :
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might
allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2007-1276 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and
Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted
filename.
CVE-2007-3156 (Medium) :
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and
Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid,
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third
party information.
CVE-2007-5066 (High) :
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users
to execute arbitrary commands via a crafted URL.
CVE-2008-0720 (Medium) :
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320
allows remote attackers to inject arbitrary web script or HTML via the search parameter to
webmin_search.cgi (aka the search section), and possibly other components accessed through
a "search box" or "open file box." NOTE: some of these details are obtained from third party
information.
Aldas Nabazas
Alejandro Mery
Christian Wiese