Vendor CVEs
Webmin
All CVEs
111 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-40983 | 0.00 | — | 0.01 | Sep 15, 2023 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file. | |||
| CVE-2023-40985 | 0.00 | — | 0.00 | Sep 15, 2023 | An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's… | |||
| CVE-2023-40982 | 0.00 | — | 0.00 | Sep 15, 2023 | A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. | |||
| CVE-2023-40986 | 0.00 | — | 0.00 | Sep 15, 2023 | A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field. | |||
| CVE-2023-41156 | 0.00 | — | 0.00 | Sep 14, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter. | |||
| CVE-2023-41155 | 0.00 | — | 0.00 | Sep 13, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule. | |||
| CVE-2023-41154 | 0.00 | — | 0.00 | Sep 13, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable. | |||
| CVE-2023-41163 | 0.00 | — | 0.00 | Aug 30, 2023 | A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down. | |||
| CVE-2023-41153 | 0.00 | — | 0.00 | Aug 29, 2023 | A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options. | |||
| CVE-2023-38309 | 0.00 | — | 0.01 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in… | |||
| CVE-2023-38307 | 0.00 | — | 0.00 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name. | |||
| CVE-2023-38308 | 0.00 | — | 0.01 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the… | |||
| CVE-2023-38310 | 0.00 | — | 0.00 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log… | |||
| CVE-2023-38305 | 0.00 | — | 0.01 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within… | |||
| CVE-2023-38311 | 0.00 | — | 0.00 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the… | |||
| CVE-2023-38303 | 0.00 | — | 0.01 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter. | |||
| CVE-2023-38304 | 0.00 | — | 0.00 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group. | |||
| CVE-2023-38306 | 0.00 | — | 0.01 | Jul 31, 2023 | An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a… | |||
| CVE-2022-3844 | 0.00 | — | 0.01 | Nov 2, 2022 | A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to… | |||
| CVE-2022-36880 | 0.00 | — | 0.01 | Jul 27, 2022 | The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message. | |||
| CVE-2022-30708 | 0.00 | — | 0.03 | May 15, 2022 | Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter. | |||
| CVE-2022-0829 | 0.00 | — | 0.01 | Mar 2, 2022 | Improper Authorization in GitHub repository webmin/webmin prior to 1.990. | |||
| CVE-2020-35769 | 0.00 | — | 0.02 | Dec 29, 2020 | miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | |||
| CVE-2020-12670 | 0.00 | — | 0.01 | Oct 12, 2020 | XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input… | |||
| CVE-2020-8821 | 0.00 | — | 0.82 | Oct 12, 2020 | An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered… | |||
| CVE-2020-8820 | 0.00 | — | 0.01 | Oct 12, 2020 | An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. | |||
| CVE-2019-15641 | 0.00 | — | 0.01 | Aug 26, 2019 | xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi. | |||
| CVE-2018-19191 | 0.00 | — | 0.40 | Mar 17, 2019 | Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | |||
| CVE-2015-1377 | 0.00 | — | 0.00 | Feb 10, 2015 | The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. | |||
| CVE-2014-3886 | 0.00 | — | 0.01 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||
| CVE-2014-3885 | 0.00 | — | 0.01 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||
| CVE-2014-3884 | 0.00 | — | 0.01 | Jul 20, 2014 | Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. | |||
| CVE-2014-3883 | 0.00 | — | 0.01 | Jun 21, 2014 | Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action. | |||
| CVE-2014-3924 | 0.00 | — | 0.01 | May 30, 2014 | Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. | |||
| CVE-2014-0339 | 0.00 | — | 0.02 | Mar 16, 2014 | Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||
| CVE-2012-4893 | 0.00 | — | 0.01 | Sep 11, 2012 | Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue… | |||
| CVE-2012-2983 | 0.00 | — | 0.20 | Sep 11, 2012 | file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. | |||
| CVE-2012-2981 | 0.00 | — | 0.02 | Sep 11, 2012 | Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter. | |||
| CVE-2011-1937 | 0.00 | — | 0.02 | May 31, 2011 | Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. | |||
| CVE-2009-4568 | 0.00 | — | 0.02 | Jan 5, 2010 | Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||
| CVE-2008-0720 | 0.00 | — | 0.01 | Feb 12, 2008 | Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a… | |||
| CVE-2007-5066 | 0.00 | — | 0.02 | Sep 24, 2007 | Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. | |||
| CVE-2007-3156 | 0.00 | — | 0.02 | Jun 11, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained… | |||
| CVE-2007-1276 | 0.00 | — | 0.01 | Mar 5, 2007 | Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | |||
| CVE-2006-4542 | 0.00 | — | 0.03 | Sep 5, 2006 | Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | |||
| CVE-2006-3274 | 0.00 | — | 0.02 | Jun 28, 2006 | Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | |||
| CVE-2005-3042 | 0.00 | — | 0.04 | Sep 22, 2005 | miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). | |||
| CVE-2005-1177 | 0.00 | — | 0.02 | May 2, 2005 | Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | |||
| CVE-2004-1468 | 0.00 | — | 0.04 | Dec 31, 2004 | The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. | |||
| CVE-2004-0559 | 0.00 | — | 0.00 | Oct 20, 2004 | The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. |
- CVE-2023-40983Sep 15, 2023risk 0.00cvss —epss 0.01
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
- CVE-2023-40985Sep 15, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's…
- CVE-2023-40982Sep 15, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
- CVE-2023-40986Sep 15, 2023risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
- CVE-2023-41156Sep 14, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
- CVE-2023-41155Sep 13, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
- CVE-2023-41154Sep 13, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.
- CVE-2023-41163Aug 30, 2023risk 0.00cvss —epss 0.00
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.
- CVE-2023-41153Aug 29, 2023risk 0.00cvss —epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via options for the host value while editing the host options.
- CVE-2023-38309Jul 31, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in…
- CVE-2023-38307Jul 31, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.
- CVE-2023-38308Jul 31, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the…
- CVE-2023-38310Jul 31, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log…
- CVE-2023-38305Jul 31, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within…
- CVE-2023-38311Jul 31, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the…
- CVE-2023-38303Jul 31, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
- CVE-2023-38304Jul 31, 2023risk 0.00cvss —epss 0.00
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
- CVE-2023-38306Jul 31, 2023risk 0.00cvss —epss 0.01
An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a…
- CVE-2022-3844Nov 2, 2022risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to…
- CVE-2022-36880Jul 27, 2022risk 0.00cvss —epss 0.01
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
- CVE-2022-30708May 15, 2022risk 0.00cvss —epss 0.03
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
- CVE-2022-0829Mar 2, 2022risk 0.00cvss —epss 0.01
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
- CVE-2020-35769Dec 29, 2020risk 0.00cvss —epss 0.02
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
- CVE-2020-12670Oct 12, 2020risk 0.00cvss —epss 0.01
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input…
- CVE-2020-8821Oct 12, 2020risk 0.00cvss —epss 0.82
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered…
- CVE-2020-8820Oct 12, 2020risk 0.00cvss —epss 0.01
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.
- CVE-2019-15641Aug 26, 2019risk 0.00cvss —epss 0.01
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
- CVE-2018-19191Mar 17, 2019risk 0.00cvss —epss 0.40
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.
- CVE-2015-1377Feb 10, 2015risk 0.00cvss —epss 0.00
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
- CVE-2014-3886Jul 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
- CVE-2014-3885Jul 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
- CVE-2014-3884Jul 20, 2014risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
- CVE-2014-3883Jun 21, 2014risk 0.00cvss —epss 0.01
Usermin before 1.600 allows remote attackers to execute arbitrary operating-system commands via unspecified vectors related to a user action.
- CVE-2014-3924May 30, 2014risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
- CVE-2014-0339Mar 16, 2014risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
- CVE-2012-4893Sep 11, 2012risk 0.00cvss —epss 0.01
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue…
- CVE-2012-2983Sep 11, 2012risk 0.00cvss —epss 0.20
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
- CVE-2012-2981Sep 11, 2012risk 0.00cvss —epss 0.02
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
- CVE-2011-1937May 31, 2011risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
- CVE-2009-4568Jan 5, 2010risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- CVE-2008-0720Feb 12, 2008risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a…
- CVE-2007-5066Sep 24, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
- CVE-2007-3156Jun 11, 2007risk 0.00cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained…
- CVE-2007-1276Mar 5, 2007risk 0.00cvss —epss 0.01
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
- CVE-2006-4542Sep 5, 2006risk 0.00cvss —epss 0.03
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
- CVE-2006-3274Jun 28, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
- CVE-2005-3042Sep 22, 2005risk 0.00cvss —epss 0.04
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
- CVE-2005-1177May 2, 2005risk 0.00cvss —epss 0.02
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
- CVE-2004-1468Dec 31, 2004risk 0.00cvss —epss 0.04
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
- CVE-2004-0559Oct 20, 2004risk 0.00cvss —epss 0.00
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Page 2 of 3