Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2007:135 (webmin)

Vulnerability Search		Search 324607 CVE descriptions and 146377 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.58420

Category: Mandrake Local Security Checks

Title: Mandrake Security Advisory MDKSA-2007:135 (webmin)

Summary: NOSUMMARY

Description: Description:

The remote host is missing an update to webmin
announced via advisory MDKSA-2007:135.

Multiple cross-site scripting (XSS) vulnerabilities were discovered
in pam_login.cgi in webmin prior to version 1.350, which could allow
a remote attacker to inject arbitrary web script or HTML.

Updated packages have been patched to prevent this issue.

Affected: 2007.0, 2007.1, Corporate 4.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:135

Risk factor : Medium

CVSS Score:
4.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2007-3156
BugTraq ID: 24381
http://www.securityfocus.com/bid/24381
http://security.gentoo.org/glsa/glsa-200707-05.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:135
http://osvdb.org/36932
http://secunia.com/advisories/25580
http://secunia.com/advisories/25785
http://secunia.com/advisories/25956
http://www.vupen.com/english/advisories/2007/2117

Copyright Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.58420
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2007:135 (webmin)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to webmin announced via advisory MDKSA-2007:135. Multiple cross-site scripting (XSS) vulnerabilities were discovered in pam_login.cgi in webmin prior to version 1.350, which could allow a remote attacker to inject arbitrary web script or HTML. Updated packages have been patched to prevent this issue. Affected: 2007.0, 2007.1, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2007:135 Risk factor : Medium CVSS Score: 4.3
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3156 BugTraq ID: 24381 http://www.securityfocus.com/bid/24381 http://security.gentoo.org/glsa/glsa-200707-05.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:135 http://osvdb.org/36932 http://secunia.com/advisories/25580 http://secunia.com/advisories/25785 http://secunia.com/advisories/25956 http://www.vupen.com/english/advisories/2007/2117
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com