As it says on http://www.dyadsecurity.com/s_advisory.html:
PUBLISHED ADVISORIES. Webmin Date Found: September 23, 2005. Public Release: November 29, 2005. Application: webmin miniserv.pl, all known versions Details: Webmin 0001 Advisory UPCOMING ADVISORIES. Perl Description: Cross platform programming language. Affected: To be announced. Release Date: To be announced. I guess we can expect some kind of "code execution thru perl sprintf" advisory. [EMAIL PROTECTED] wrote: > SUMMARY. The webmin `miniserv.pl' web server component is vulnerable to > a new class of exploitable (remote code) perl format string > vulnerabilities. During the login process it is possible to trigger this >(...) > > A generic remote code execution exploit method has been developed by a > third party that is reachable though this hole itself. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
