Webmin
Sign in to watchby Webmin
Source repositories
CVEs (46)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2002-0757 | 0.00 | — | 0.01 | Aug 12, 2002 | (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | ||
| CVE-2002-0756 | 0.00 | — | 0.01 | Aug 12, 2002 | Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | ||
| CVE-2001-1530 | 0.00 | — | 0.00 | Dec 31, 2001 | run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands. | ||
| CVE-2001-1074 | 0.00 | — | 0.00 | May 28, 2001 | Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. | ||
| CVE-2001-0222 | 0.00 | — | 0.00 | Mar 26, 2001 | webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. | ||
| CVE-1999-1074 | 0.00 | — | 0.01 | Dec 31, 1999 | Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. |
Page 3 of 3