Vulnerabilities related to Webmin - Webmin
CVE-2020-35769 (GCVE-0-2020-35769)
Vulnerability from cvelistv5
Published
2020-12-29 05:35
Modified
2024-08-04 17:09
CWE
- n/a
Summary
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:09:15.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-30T18:11:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to 
the CGI program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "name": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220", "refsource": "MISC", "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35769", "datePublished": "2020-12-29T05:35:39", "dateReserved": "2020-12-29T00:00:00", "dateUpdated": "2024-08-04T17:09:15.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3885 (GCVE-0-2014-3885)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 10:57
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:17.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2014-000059", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "name": "JVN#49974594", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-20T06:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2014-000059", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "name": "JVN#49974594", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-3885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 
allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2014-000059", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "name": "JVN#49974594", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN49974594/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-3885", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2014-05-27T00:00:00", "dateUpdated": "2024-08-06T10:57:17.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-1377 (GCVE-0-2015-1377)
Vulnerability from cvelistv5
Published
2015-02-10 20:00
Modified
2024-08-06 04:40
CWE
- n/a
Summary
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:40:18.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "62157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-02-10T19:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "62157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on 
an unspecified file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "62157", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1377", "datePublished": "2015-02-10T20:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T04:40:18.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0756 (GCVE-0-2002-0756)
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
CWE
- n/a
Summary
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:47.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-usermin-authpage-css(9036)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "name": "4694", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4694" }, { "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-07-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-usermin-authpage-css(9036)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "name": "4694", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4694" }, { "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-usermin-authpage-css(9036)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9036.php" }, { "name": "4694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4694" }, { "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0756", "datePublished": "2002-07-26T04:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:47.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38308 (GCVE-0-2023-38308)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:50
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38308", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:49:56.558892Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:50:05.120Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38308", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:50:05.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1673 (GCVE-0-2002-1673)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
CWE
- n/a
Summary
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4329", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4329" }, { "name": "webmin-functions-execute-code(8596)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4329", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4329" }, { "name": "webmin-functions-execute-code(8596)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4329" }, { "name": "webmin-functions-execute-code(8596)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/263181" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1673", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36451 (GCVE-0-2024-36451)
Vulnerability from cvelistv5
Published
2024-07-10 07:01
Modified
2024-08-02 03:37
CWE
- Improper Handling of Insufficient Permissions or Privileges
Summary
Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webmin", "vendor": "gentoo", "versions": [ { "lessThan": "2.003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36451", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:43:10.942023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T13:44:57.574Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "prior to 2.003" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. 
If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Handling of Insufficient Permissions or Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:01:26.121Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36451", "datePublished": "2024-07-10T07:01:26.121Z", "dateReserved": "2024-05-28T05:38:38.739Z", "dateUpdated": "2024-08-02T03:37:05.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32156 (GCVE-0-2021-32156)
Vulnerability from cvelistv5
Published
2022-04-11 05:37
Modified
2024-08-03 23:17
CWE
- n/a
Summary
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:37:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32156", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32156", "datePublished": "2022-04-11T05:37:30", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-12828 (GCVE-0-2024-12828)
Vulnerability from cvelistv5
Published
2024-12-30 16:48
Modified
2024-12-30 17:35
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12828", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-30T17:34:53.809557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-30T17:35:11.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "webmin 2.104" } ] } ], "dateAssigned": "2024-12-19T15:57:37.257-06:00", "datePublic": "2024-12-20T10:52:56.353-06:00", "descriptions": [ { "lang": "en", "value": "Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-30T16:48:13.347Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-1725", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1725/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://github.com/webmin/authentic-theme/commit/61e5b10227b50407e3c6ac494ffbd4385d1b59df" } ], "source": { "lang": "en", "value": "ptrstr" }, "title": "Webmin CGI Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2024-12828", "datePublished": "2024-12-30T16:48:13.347Z", "dateReserved": "2024-12-19T21:57:37.181Z", "dateUpdated": "2024-12-30T17:35:11.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40982 (GCVE-0-2023-40982)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-25 18:08
CWE
- n/a
Summary
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40982", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T18:07:28.649592Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T18:08:00.827Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T02:56:27.452798", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40982", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T18:08:00.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0582 (GCVE-0-2004-0582)
Vulnerability from cvelistv5
Published
2004-06-23 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:26.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "CLA-2004:848", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "name": "webmin-bypass-security(16333)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "10522", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-11T00:00:00", "descriptions": [ { 
"lang": "en", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "CLA-2004:848", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "name": "webmin-bypass-security(16333)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "10522", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0582", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "name": "MDKSA-2004:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "CLA-2004:848", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "name": "webmin-bypass-security(16333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "name": "http://www.webmin.com/changes-1.150.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "name": "GLSA-200406-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "10522", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10522" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0582", "datePublished": "2004-06-23T04:00:00", "dateReserved": "2004-06-18T00:00:00", "dateUpdated": "2024-08-08T00:24:26.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38309 (GCVE-0-2023-38309)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38309", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:49:21.693543Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:49:35.023Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the \"Search for Package\" field, which gets reflected back in the application\u0027s response, leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38309", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:49:35.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32160 (GCVE-0-2021-32160)
Vulnerability from cvelistv5
Published
2022-04-11 05:43
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:43:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32160", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32160" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32160", "datePublished": "2022-04-11T05:43:44", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-0757 (GCVE-0-2002-0757)
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:47.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-usermin-sessionid-spoof(9037)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "name": "4700", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4700" }, { "name": "MDKSA-2002:033", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/271466" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-07-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-usermin-sessionid-spoof(9037)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "name": "4700", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4700" }, { "name": "MDKSA-2002:033", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/271466" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-usermin-sessionid-spoof(9037)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9037.php" }, { "name": "4700", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4700" }, { "name": "MDKSA-2002:033", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/271466" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0757", "datePublished": "2002-07-26T04:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:47.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3392 (GCVE-0-2006-3392)
Vulnerability from cvelistv5
Published
2006-07-06 20:00
Modified
2024-08-07 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
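Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. In other words, the path was normalized while it still contained encoded bytes, so a traversal sequence could reappear once those bytes were stripped; path checks have to run on the fully decoded filename.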
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:32.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21365" }, { "name": "GLSA-200608-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "name": "21105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21105" }, { "name": "18744", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18744" }, { "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "name": "VU#999601", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "20060630 Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": 
"http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "name": "20892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20892" }, { "name": "MDKSA-2006:125", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "name": "ADV-2006-2612", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "name": "26772", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26772" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22556" }, { "name": "20060711 Re: Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21365" }, { "name": "GLSA-200608-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "name": "21105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21105" }, { "name": "18744", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18744" }, { "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "name": "VU#999601", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "20060630 Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "name": "20892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/20892" }, { "name": "MDKSA-2006:125", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "name": "ADV-2006-2612", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "name": "26772", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26772" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22556" }, { "name": "20060711 Re: Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21365" }, { "name": "GLSA-200608-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "name": "21105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21105" }, { "name": "18744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18744" }, { "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "name": "VU#999601", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/999601" }, { "name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "20060630 Webmin traversal - changelog", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "name": "20892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20892" }, { "name": "MDKSA-2006:125", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "name": "ADV-2006-2612", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "name": "26772", "refsource": "OSVDB", "url": "http://www.osvdb.org/26772" }, { "name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556" }, { "name": "20060711 Re: Webmin traversal - changelog", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3392", "datePublished": "2006-07-06T20:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2024-08-07T18:30:32.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3912 (GCVE-0-2005-3912)
Vulnerability from cvelistv5
Published
2005-11-30 11:00
Modified
2024-08-07 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "17749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17749" }, { "name": "GLSA-200512-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "name": "18101", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18101" }, { "name": "ADV-2005-2660", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "name": "SUSE-SR:2005:030", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "name": "17878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17878" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "name": "20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges-1.180.html" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22556" }, { "name": "MDKSA-2005:223", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "name": "17942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17942" }, { "name": "17817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17817" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "17749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17749" }, { "name": "GLSA-200512-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "name": "18101", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18101" }, { "name": "ADV-2005-2660", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "name": "SUSE-SR:2005:030", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "name": "17878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17878" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "name": "20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges-1.180.html" }, { "name": "22556", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22556" }, { "name": "MDKSA-2005:223", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "name": "17942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17942" }, { "name": "17817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17817" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "17749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17749" }, { "name": "GLSA-200512-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "http://www.webmin.com/changes-1.250.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.250.html" }, { "name": "18101", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18101" }, { "name": "ADV-2005-2660", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "name": "SUSE-SR:2005:030", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "name": "17878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17878" }, { "name": "http://www.dyadsecurity.com/webmin-0001.html", "refsource": "MISC", "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "name": "20051129 Webmin miniserv.pl format string vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "name": "http://www.webmin.com/uchanges-1.180.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges-1.180.html" }, { "name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556" }, { "name": "MDKSA-2005:223", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "name": "17942", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/17942" }, { "name": "17817", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17817" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3912", "datePublished": "2005-11-30T11:00:00", "dateReserved": "2005-11-30T00:00:00", "dateUpdated": "2024-08-07T23:31:48.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-30708 (GCVE-0-2022-30708)
Vulnerability from cvelistv5
Published
2022-05-15 02:30
Modified
2024-08-03 06:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.twitch.tv/videos/1483029790" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://webmin.com/changes.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-15T02:30:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.twitch.tv/videos/1483029790" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://webmin.com/changes.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in 
Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/issues/1635", "refsource": "MISC", "url": "https://github.com/webmin/webmin/issues/1635" }, { "name": "https://github.com/esp0xdeadbeef/rce_webmin", "refsource": "MISC", "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "name": "https://www.twitch.tv/videos/1483029790", "refsource": "MISC", "url": "https://www.twitch.tv/videos/1483029790" }, { "name": "https://github.com/webmin/webmin/releases", "refsource": "MISC", "url": "https://github.com/webmin/webmin/releases" }, { "name": "https://github.com/webmin/authentic-theme/releases", "refsource": "MISC", "url": "https://github.com/webmin/authentic-theme/releases" }, { "name": "https://webmin.com/changes.html", "refsource": "MISC", "url": "https://webmin.com/changes.html" }, { "name": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "name": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py", "refsource": "MISC", "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30708", "datePublished": "2022-05-15T02:30:14", "dateReserved": "2022-05-15T00:00:00", "dateUpdated": 
"2024-08-03T06:56:13.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32157 (GCVE-0-2021-32157)
Vulnerability from cvelistv5
Published
2022-04-11 05:38
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:38:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32157", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32157", "datePublished": "2022-04-11T05:38:51", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-9624 (GCVE-0-2019-9624)
Vulnerability from cvelistv5
Published
2019-03-07 05:00
Modified
2024-08-04 21:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:45.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46201", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/46201" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the \"Java file manager\" and \"Upload and Download\" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-22T09:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46201", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/46201" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the \"Java file manager\" and \"Upload and Download\" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46201", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46201" }, { "name": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html", "refsource": "MISC", "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "name": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9624", "datePublished": "2019-03-07T05:00:00", "dateReserved": "2019-03-06T00:00:00", "dateUpdated": "2024-08-04T21:54:45.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-4568 (GCVE-0-2009-4568)
Vulnerability from cvelistv5
Published
2010-01-05 18:31
Modified
2024-08-07 07:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:08:38.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "37259", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37259" }, { "name": "MDVSA-2010:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "name": "37648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37648" }, { "name": "ADV-2009-3457", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-02-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "37259", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37259" }, { "name": "MDVSA-2010:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "name": "37648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37648" }, { "name": "ADV-2009-3457", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3457" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "37259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37259" }, { "name": "MDVSA-2010:036", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "name": "37648", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37648" }, { "name": "ADV-2009-3457", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3457" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4568", "datePublished": "2010-01-05T18:31:00", "dateReserved": "2010-01-05T00:00:00", "dateUpdated": "2024-08-07T07:08:38.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-31761 (GCVE-0-2021-31761)
Vulnerability from cvelistv5
Published
2021-04-25 18:30
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin 1.973 is affected by a reflected Cross Site Scripting (XSS) vulnerability that can be used to achieve Remote Command Execution through Webmin's running process feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/23VvUMu-28c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin\u0027s running process feature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T15:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/23VvUMu-28c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin\u0027s running process feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin", "refsource": "MISC", "url": "https://github.com/webmin/webmin" }, { "name": "https://youtu.be/23VvUMu-28c", "refsource": "MISC", "url": "https://youtu.be/23VvUMu-28c" }, { "name": "https://github.com/Mesh3l911/CVE-2021-31761", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "name": "https://github.com/electronicbots/CVE-2021-31761", "refsource": "MISC", "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "name": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31761", "datePublished": "2021-04-25T18:30:40", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-31760 (GCVE-0-2021-31760)
Vulnerability from cvelistv5
Published
2021-04-25 18:28
Modified
2024-08-03 23:03
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin 1.973 is affected by a Cross Site Request Forgery (CSRF) vulnerability that can be used to achieve Remote Command Execution (RCE) through Webmin's running process feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/D45FN8QrzDo" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-31760" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin\u0027s running process feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-25T18:28:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/D45FN8QrzDo" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-31760" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 
1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin\u0027s running process feature." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin", "refsource": "MISC", "url": "https://github.com/webmin/webmin" }, { "name": "https://youtu.be/D45FN8QrzDo", "refsource": "MISC", "url": "https://youtu.be/D45FN8QrzDo" }, { "name": "https://github.com/electronicbots/CVE-2021-31760", "refsource": "MISC", "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "name": "https://github.com/Mesh3l911/CVE-2021-31760", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-31760" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31760", "datePublished": "2021-04-25T18:28:33", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38310 (GCVE-0-2023-38310)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38310", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:48:43.034415Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:48:55.099Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38310", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:48:55.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38305 (GCVE-0-2023-38305)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38305", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:57:24.792491Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:57:31.188Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when the download link is accessed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38305", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:57:31.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-41163 (GCVE-0-2023-41163)
Vulnerability from cvelistv5
Published
2023-08-30 00:00
Modified
2024-10-01 19:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A reflected cross-site scripting (XSS) vulnerability in the File Manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the "replace in results" field when replacing results under the Tools drop-down.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41163", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T19:56:08.644439Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T19:56:18.044Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-31T22:05:27.878365", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41163", "datePublished": "2023-08-30T00:00:00", "dateReserved": "2023-08-24T00:00:00", "dateUpdated": "2024-10-01T19:56:18.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32161 (GCVE-0-2021-32161)
Vulnerability from cvelistv5
Published
2022-04-11 05:45
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32161" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:45:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32161" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32161", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32161" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32161", "datePublished": "2022-04-11T05:45:24", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15644 (GCVE-0-2017-15644)
Vulnerability from cvelistv5
Published
2017-10-19 22:00
Modified
2024-09-16 20:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-19T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "name": "https://blogs.securiteam.com/index.php/archives/3430", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15644", "datePublished": "2017-10-19T22:00:00Z", "dateReserved": "2017-10-19T00:00:00Z", "dateUpdated": "2024-09-16T20:07:05.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-52046 (GCVE-0-2023-52046)
Vulnerability from cvelistv5
Published
2024-01-25 00:00
Modified
2025-05-30 14:15
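Severity 4.8 (MEDIUM) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N, scored by CISA-ADP; the CNA record carries no score. The vector requires high privileges and user interaction.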
VLAI Severity ?
EPSS score ?
CWE
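- CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), assigned by CISA-ADP; the CNA record lists n/a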
Summary
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:48:12.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-52046", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-08T17:24:18.677066Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-30T14:15:54.257Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the \"Execute cron job as\" tab Input field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T20:41:07.313Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-52046", "datePublished": "2024-01-25T00:00:00.000Z", "dateReserved": "2023-12-26T00:00:00.000Z", "dateUpdated": "2025-05-30T14:15:54.257Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2003-0101 (GCVE-0-2003-0101)
Vulnerability from cvelistv5
Published
2003-02-26 05:00
Modified
2024-08-08 01:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-319", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-319" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "name": "20030224 GLSA: usermin (200302-14)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "name": "N-058", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "name": "8163", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8163" }, { "name": "MDKSA-2003:025", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "name": "HPSBUX0303-250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "name": "8115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8115" }, { "name": "1006160", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1006160" }, { "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "name": "ESA-20030225-006", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": 
"http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "name": "20030224 Webmin 1.050 - 1.060 remote exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "name": "20030602-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "name": "webmin-usermin-root-access(11390)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "name": "6915", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6915" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-319", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-319" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "name": "20030224 GLSA: usermin (200302-14)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "name": "N-058", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "name": "8163", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8163" }, { "name": "MDKSA-2003:025", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "name": "HPSBUX0303-250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "name": "8115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8115" }, { "name": "1006160", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1006160" }, { "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "name": "ESA-20030225-006", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "name": "20030224 Webmin 1.050 - 1.060 remote exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "name": "20030602-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "name": "webmin-usermin-root-access(11390)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "name": "6915", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6915" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-319", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-319" }, { "name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html", "refsource": "CONFIRM", "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "name": "20030224 GLSA: usermin (200302-14)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "name": "N-058", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "name": "8163", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8163" }, { "name": "MDKSA-2003:025", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "name": "HPSBUX0303-250", "refsource": "HP", "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "name": "8115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8115" }, { "name": "1006160", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006160" }, { "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "name": "ESA-20030225-006", "refsource": "ENGARDE", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "name": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2", "refsource": "CONFIRM", "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "name": "20030224 Webmin 1.050 - 1.060 remote exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "name": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html", "refsource": "MISC", "url": 
"http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "name": "20030602-01-I", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "name": "webmin-usermin-root-access(11390)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11390.php" }, { "name": "6915", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6915" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0101", "datePublished": "2003-02-26T05:00:00", "dateReserved": "2003-02-24T00:00:00", "dateUpdated": "2024-08-08T01:43:35.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-12840 (GCVE-0-2019-12840)
Vulnerability from cvelistv5
Published
2019-06-15 19:52
Modified
2024-08-04 23:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:32:55.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/46984" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "name": "108790", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108790" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Webmin through 1.910, any user authorized to the \"Package Updates\" module can execute arbitrary commands with root privileges via the data parameter to update.cgi." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-20T20:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/46984" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "name": "108790", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108790" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Webmin through 1.910, any user authorized to the \"Package Updates\" module can execute arbitrary commands with root privileges via the data parameter to update.cgi." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.exploit-db.com/exploits/46984", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/46984" }, { "name": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html", "refsource": "MISC", "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "name": "108790", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108790" }, { "name": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12840", "datePublished": "2019-06-15T19:52:10", "dateReserved": "2019-06-15T00:00:00", "dateUpdated": "2024-08-04T23:32:55.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-9313 (GCVE-0-2017-9313)
Vulnerability from cvelistv5
Published
2017-07-04 02:00
Modified
2024-08-05 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "name": "1038814", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038814" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "name": "99373", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99373" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "name": "1038814", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038814" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "name": "99373", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99373" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "name": "http://seclists.org/bugtraq/2017/Jul/3", "refsource": "MISC", "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "name": "1038814", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038814" }, { "name": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "name": "99373", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99373" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9313", "datePublished": "2017-07-04T02:00:00", "dateReserved": "2017-05-30T00:00:00", "dateUpdated": "2024-08-05T17:02:44.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3886 (GCVE-0-2014-3886)
Vulnerability from cvelistv5
Published
2014-07-20 10:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:17.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#02213197", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "name": "JVNDB-2014-000060", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-20T06:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#02213197", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "name": "JVNDB-2014-000060", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-3886", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) 
vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#02213197", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "name": "JVNDB-2014-000060", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-3886", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2014-05-27T00:00:00", "dateUpdated": "2024-08-06T10:57:17.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1196 (GCVE-0-2001-1196)
Vulnerability from cvelistv5
Published
2002-03-15 05:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-dot-directory-traversal(7711)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "name": "20011217 webmin 0.91 ../.. problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "name": "3698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3698" }, { "name": "20011218 Re: webmin 0.91 ../.. problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a \u0027..\u0027 (dot dot) in the argument." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-dot-directory-traversal(7711)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "name": "20011217 webmin 0.91 ../.. problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "name": "3698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3698" }, { "name": "20011218 Re: webmin 0.91 ../.. 
problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a \u0027..\u0027 (dot dot) in the argument." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-dot-directory-traversal(7711)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7711.php" }, { "name": "20011217 webmin 0.91 ../.. problem", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/245980" }, { "name": "3698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3698" }, { "name": "20011218 Re: webmin 0.91 ../.. problem", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1196", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32162 (GCVE-0-2021-32162)
Vulnerability from cvelistv5
Published
2022-04-11 05:46
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:46:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32162", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32162", "datePublished": "2022-04-11T05:46:44", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-5066 (GCVE-0-2007-5066)
Vulnerability from cvelistv5
Published
2007-09-24 23:00
Modified
2024-08-07 15:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:28.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "webmin-url-command-execution(36759)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "name": "ADV-2007-3243", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "name": "40772", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40772" }, { "name": "26885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26885" }, { "name": "25773", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25773" }, { "name": "1018731", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018731" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "webmin-url-command-execution(36759)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "name": "ADV-2007-3243", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "name": "40772", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40772" }, { "name": "26885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26885" }, { "name": "25773", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25773" }, { "name": "1018731", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018731" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5066", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "webmin-url-command-execution(36759)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "name": "ADV-2007-3243", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "name": "40772", "refsource": "OSVDB", "url": "http://osvdb.org/40772" }, { "name": "26885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26885" }, { "name": "25773", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25773" }, { "name": "1018731", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018731" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5066", "datePublished": "2007-09-24T23:00:00", "dateReserved": "2007-09-24T00:00:00", "dateUpdated": "2024-08-07T15:17:28.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40984 (GCVE-0-2023-40984)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-25 15:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40984", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:37:38.309801Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:38:02.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T00:46:32.383216", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40984", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:38:02.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40986 (GCVE-0-2023-40986)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-25 15:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40986", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:34:21.045135Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:34:38.856Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T00:23:09.645281", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40986", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:34:38.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36880 (GCVE-0-2022-36880)
Vulnerability from cvelistv5
Published
2022-07-27 03:32
Modified
2024-08-03 10:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:29.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-27T03:32:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "MISC", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36880", "datePublished": "2022-07-27T03:32:30", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2024-08-03T10:14:29.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1074 (GCVE-0-2001-1074)
Vulnerability from cvelistv5
Published
2002-06-25 04:00
Modified
2024-08-08 04:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:07.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "2795", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2795" }, { "name": "20010526 Webmin Doesn\u0027t Clean Env (root exploit)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "name": "webmin-gain-information(6627)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "name": "CSSA-2001-019.1", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "name": "MDKSA-2001:059", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "2795", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2795" }, { "name": "20010526 Webmin Doesn\u0027t Clean Env (root exploit)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "name": "webmin-gain-information(6627)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "name": "CSSA-2001-019.1", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "name": "MDKSA-2001:059", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "2795", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2795" }, { "name": "20010526 Webmin Doesn\u0027t Clean Env (root exploit)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "name": "webmin-gain-information(6627)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "name": "CSSA-2001-019.1", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "name": "MDKSA-2001:059", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1074", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:44:07.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-3844 (GCVE-0-2022-3844)
Vulnerability from cvelistv5
Published
2022-11-02 00:00
Modified
2024-08-03 01:20
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
4.0 - CVSS 2.0: AV:N/AC:L/Au:S/C:N/I:P/A:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-80 - Basic Cross Site Scripting
Summary
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.
References
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-3844", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T18:29:08.700113Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T18:29:15.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:59.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.212862" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.212862" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.001" } ] } ], "credits": [ { "lang": "en", "type": "tool", "value": "VulDB GitHub Commit Analyzer" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Webmin 2.001 gefunden. 
Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei xterm/index.cgi. Dank Manipulation mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.003 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d3d33af3c0c3fd3a889c84e287a038b7a457d811 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80 Basic Cross Site Scripting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-20T14:05:09.047Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.212862" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.212862" }, { "tags": [ "patch" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "tags": [ "patch" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" } ], "timeline": [ { "lang": "en", "time": "2022-11-02T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2022-11-02T00:00:00.000Z", "value": "CVE reserved" }, { "lang": "en", "time": "2022-11-02T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-01-26T15:32:36.000Z", "value": "VulDB entry last update" } ], "title": "Webmin index.cgi cross 
site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3844", "datePublished": "2022-11-02T00:00:00", "dateReserved": "2022-11-02T00:00:00", "dateUpdated": "2024-08-03T01:20:59.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36453 (GCVE-0-2024-36453)
Vulnerability from cvelistv5
Published
2024-07-10 07:02
Modified
2024-11-06 21:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed.
References
Impacted products
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36453", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T14:03:38.998862Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T21:34:36.873Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://webmin.com/usermin/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.970" } ] }, { "product": "Usermin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.820" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. 
If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:02:17.776Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://webmin.com/usermin/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36453", "datePublished": "2024-07-10T07:02:17.776Z", "dateReserved": "2024-05-28T05:38:38.739Z", "dateUpdated": "2024-11-06T21:34:36.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40983 (GCVE-0-2023-40983)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-25 15:44
CWE
- n/a
Summary
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40983", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:44:01.053063Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:44:40.955Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T03:30:25.027954", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40983", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:44:40.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0829 (GCVE-0-2022-0829)
Vulnerability from cvelistv5
Published
2022-03-02 12:10
Modified
2024-08-02 23:40
CWE
- CWE-285 - Improper Authorization
Summary
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
References
Impacted products
Vendor | Product | Version |
---|---|---|
webmin | webmin/webmin | unspecified < 1.990 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "webmin/webmin", "vendor": "webmin", "versions": [ { "lessThan": "1.990", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authorization in GitHub repository webmin/webmin prior to 1.990." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-04T10:05:12", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "source": { "advisory": "f2d0389f-d7d1-4f34-9f9d-268b0a0da05e", "discovery": "EXTERNAL" }, "title": "Improper Authorization in webmin/webmin", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0829", "STATE": "PUBLIC", "TITLE": "Improper Authorization in webmin/webmin" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "webmin/webmin", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.990" } ] } } ] }, "vendor_name": "webmin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Authorization in GitHub repository webmin/webmin prior to 1.990." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "name": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "name": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html", "refsource": "MISC", "url": 
"https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ] }, "source": { "advisory": "f2d0389f-d7d1-4f34-9f9d-268b0a0da05e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0829", "datePublished": "2022-03-02T12:10:12", "dateReserved": "2022-03-02T00:00:00", "dateUpdated": "2024-08-02T23:40:04.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-35606 (GCVE-0-2020-35606)
Vulnerability from cvelistv5
Published
2020-12-21 19:19
Modified
2024-08-04 17:09
CWE
- n/a
Summary
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:09:14.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.webmin.com/download.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "name": "49318", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/49318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-28T20:30:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.webmin.com/download.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "name": "49318", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/49318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html", "refsource": "MISC", "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "name": "https://www.webmin.com/download.html", "refsource": "MISC", "url": "https://www.webmin.com/download.html" }, { "name": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "name": "49318", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/49318" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35606", "datePublished": "2020-12-21T19:19:17", "dateReserved": "2020-12-21T00:00:00", "dateUpdated": "2024-08-04T17:09:14.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-15107 (GCVE-0-2019-15107)
Vulnerability from cvelistv5
Published
2019-08-16 02:44
Modified
2025-07-30 01:45
CWE
- n/a
Summary
An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:34:53.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/47230" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2019-15107", "options": [ { "Exploitation": "active" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-02-04T20:34:32.075172Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { 
"content": { "dateAdded": "2022-03-25", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15107" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-07-30T01:45:57.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "timeline": [ { "lang": "en", "time": "2022-03-25T00:00:00+00:00", "value": "CVE-2019-15107 added to CISA KEV" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin \u003c=1.920. The parameter old in password_change.cgi contains a command injection vulnerability." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-27T20:41:21.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/47230" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Webmin \u003c=1.920. The parameter old in password_change.cgi contains a command injection vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://www.exploit-db.com/exploits/47230", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/47230" }, { "name": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "name": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "name": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "name": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html", "refsource": "MISC", "url": 
"http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "name": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "name": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection", "refsource": "MISC", "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15107", "datePublished": "2019-08-16T02:44:04.000Z", "dateReserved": "2019-08-15T00:00:00.000Z", "dateUpdated": "2025-07-30T01:45:57.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2201 (GCVE-0-2002-2201)
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 18:56
CWE
- n/a
Summary
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:17.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FreeBSD-SN-02:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "name": "webmin-printer-shell-commands(10052)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10052.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/updates.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-16T21:17:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FreeBSD-SN-02:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "name": "webmin-printer-shell-commands(10052)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10052.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/updates.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FreeBSD-SN-02:05", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "name": "webmin-printer-shell-commands(10052)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10052.php" }, { "name": "http://www.webmin.com/updates.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/updates.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2201", "datePublished": "2005-11-16T21:17:00Z", "dateReserved": "2005-11-16T00:00:00Z", "dateUpdated": "2024-09-16T18:56:10.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-0339 (GCVE-0-2014-0339)
Vulnerability from cvelistv5
Published
2014-03-16 10:00
Modified
2024-08-06 09:13
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:13:09.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "name": "VU#381692", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "name": "66248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66248" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-06-02T14:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "name": "VU#381692", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "name": "66248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66248" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "name": "VU#381692", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/381692" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "name": "66248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66248" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0339", "datePublished": "2014-03-16T10:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2024-08-06T09:13:09.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-0222 (GCVE-0-2001-0222)
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
CWE
- n/a
Summary
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:14:07.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2001-016", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "name": "linux-webmin-tmpfiles(6011)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "name": "CSSA-2001-004.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2001-016", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "name": "linux-webmin-tmpfiles(6011)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "name": "CSSA-2001-004.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2001-016", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "name": "linux-webmin-tmpfiles(6011)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "name": "CSSA-2001-004.0", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0222", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2001-03-08T00:00:00", "dateUpdated": "2024-08-08T04:14:07.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38311 (GCVE-0-2023-38311)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38311", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:43:17.142385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:43:26.477Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38311", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:43:26.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15645 (GCVE-0-2017-15645)
Vulnerability from cvelistv5
Published
2017-10-19 22:00
Modified
2024-09-16 17:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/\u0026cmd= in the URI, an attacker to execute arbitrary commands." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-19T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/\u0026cmd= in the URI, an attacker to execute arbitrary commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "name": "https://blogs.securiteam.com/index.php/archives/3430", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15645", "datePublished": "2017-10-19T22:00:00Z", "dateReserved": "2017-10-19T00:00:00Z", "dateUpdated": "2024-09-16T17:53:07.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32159 (GCVE-0-2021-32159)
Vulnerability from cvelistv5
Published
2022-04-11 05:41
Modified
2024-08-03 23:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:41:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32159", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32159", "datePublished": "2022-04-11T05:41:36", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-36446 (GCVE-0-2022-36446)
Vulnerability from cvelistv5
Published
2022-07-25 05:56
Modified
2024-08-03 10:07
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
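software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. (The Packet Storm references listed for this record title the issue as remote code execution and as command injection in Package Updates, so the impact appears to go beyond a display problem; installations running a version before 1.997 should be upgraded.)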
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:07:34.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/50998" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/50998" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "name": "https://github.com/webmin/webmin/compare/1.996...1.997", "refsource": "MISC", "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "name": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "name": "https://www.exploit-db.com/exploits/50998", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/50998" }, { "name": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b", "refsource": "MISC", "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "name": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36446", "datePublished": "2022-07-25T05:56:47", "dateReserved": "2022-07-25T00:00:00", "dateUpdated": "2024-08-03T10:07:34.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38304 (GCVE-0-2023-38304)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-18 20:26
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38304", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-18T20:26:02.096186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T20:26:11.110Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38304", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-18T20:26:11.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3042 (GCVE-0-2005-3042)
Vulnerability from cvelistv5
Published
2005-09-22 04:00
Modified
2024-08-07 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16858" }, { "name": "17282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17282" }, { "name": "GLSA-200509-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "name": "19575", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19575" }, { "name": "17", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/17" }, { "name": "14889", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14889" }, { "name": "ADV-2005-1791", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "name": "MDKSA-2005:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "name": "SUSE-SR:2005:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.webmin.com/changes-1.230.html" }, { "name": "JVN#40940493", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges-1.160.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16858" }, { "name": "17282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17282" }, { "name": "GLSA-200509-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "name": "19575", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19575" }, { "name": "17", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/17" }, { "name": "14889", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14889" }, { "name": "ADV-2005-1791", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "name": "MDKSA-2005:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "name": "SUSE-SR:2005:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.230.html" }, { "name": "JVN#40940493", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges-1.160.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16858" }, { "name": "17282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17282" }, { "name": "GLSA-200509-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "name": "19575", "refsource": "OSVDB", "url": "http://www.osvdb.org/19575" }, { "name": "17", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/17" }, { "name": "14889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14889" }, { "name": "ADV-2005-1791", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "name": "MDKSA-2005:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "name": "SUSE-SR:2005:024", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "name": "http://www.webmin.com/changes-1.230.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.230.html" }, { "name": "JVN#40940493", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "name": "http://www.webmin.com/uchanges-1.160.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges-1.160.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3042", "datePublished": 
"2005-09-22T04:00:00", "dateReserved": "2005-09-22T00:00:00", "dateUpdated": "2024-08-07T22:53:30.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-0720 (GCVE-0-2008-0720)
Vulnerability from cvelistv5
Published
2008-02-12 01:00
Modified
2024-08-07 07:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:23.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080206 Re: Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "name": "28827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28827" }, { "name": "27662", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27662" }, { "name": "20080206 Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "name": "ADV-2008-0450", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://forum.aria-security.net/showthread.php?t=511" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a \"search box\" or \"open file box.\" NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080206 Re: Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "name": "28827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28827" }, { "name": "27662", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27662" }, { "name": "20080206 Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "name": "ADV-2008-0450", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "tags": [ "x_refsource_MISC" ], "url": "http://forum.aria-security.net/showthread.php?t=511" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a \"search box\" or \"open file box.\" NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080206 Re: Tested on Webmin 1.390", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "name": "28827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28827" }, { "name": "27662", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27662" }, { "name": "20080206 Tested on Webmin 1.390", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "name": "ADV-2008-0450", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "name": "http://forum.aria-security.net/showthread.php?t=511", "refsource": "MISC", "url": "http://forum.aria-security.net/showthread.php?t=511" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0720", "datePublished": "2008-02-12T01:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:23.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36450 (GCVE-0-2024-36450)
Vulnerability from cvelistv5
Published
2024-07-10 07:01
Modified
2025-03-13 14:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting (XSS)
Summary
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36450", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:13:12.532819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-13T14:38:27.167Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.132Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.910" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:01:07.082Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36450", "datePublished": "2024-07-10T07:01:07.082Z", "dateReserved": "2024-05-28T05:38:38.738Z", "dateUpdated": "2025-03-13T14:38:27.167Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-43309 (GCVE-0-2023-43309)
Vulnerability from cvelistv5
Published
2023-09-21 00:00
Modified
2024-09-24 18:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:37:23.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43309", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:21:22.413397Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:21:30.242Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-21T13:40:52.923212", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-43309", "datePublished": "2023-09-21T00:00:00", "dateReserved": "2023-09-18T00:00:00", "dateUpdated": "2024-09-24T18:21:30.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-3156 (GCVE-0-2007-3156)
Vulnerability from cvelistv5
Published
2007-06-11 22:00
Modified
2024-08-07 14:05
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:29.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "25785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25785" }, { "name": "ADV-2007-2117", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "name": "24381", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24381" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.350.html" }, { "name": "GLSA-200707-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "name": "25580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25580" }, { "name": "36932", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/36932" }, { "name": "MDKSA-2007:135", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "name": "25956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25956" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, 
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-06-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "25785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25785" }, { "name": "ADV-2007-2117", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "name": "24381", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24381" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.350.html" }, { "name": "GLSA-200707-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "name": "25580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25580" }, { "name": "36932", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/36932" }, { "name": "MDKSA-2007:135", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "name": "25956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25956" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "25785", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25785" }, { "name": "ADV-2007-2117", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "name": "24381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24381" }, { "name": "http://www.webmin.com/changes-1.350.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.350.html" }, { "name": "GLSA-200707-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "name": "25580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25580" }, { "name": "36932", "refsource": "OSVDB", "url": "http://osvdb.org/36932" }, { "name": "MDKSA-2007:135", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "name": "25956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25956" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3156", "datePublished": "2007-06-11T22:00:00", "dateReserved": "2007-06-11T00:00:00", "dateUpdated": "2024-08-07T14:05:29.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-3274 (GCVE-0-2006-3274)
Vulnerability from cvelistv5
Published
2006-06-28 22:00
Modified
2024-08-07 18:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "name": "webmin-backslash-directory-traversal(27366)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1161", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1161" }, { "name": "1016375", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016375" }, { "name": "20777", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20777" }, { "name": "ADV-2006-2493", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "name": "JVN#67974490", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "name": "18613", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18613" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Webmin before 1.280, 
when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "name": "webmin-backslash-directory-traversal(27366)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1161", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1161" }, { "name": "1016375", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016375" }, { "name": "20777", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20777" }, { "name": "ADV-2006-2493", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "name": "JVN#67974490", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "name": "18613", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18613" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "name": "webmin-backslash-directory-traversal(27366)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "1161", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1161" }, { "name": "1016375", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016375" }, { "name": "20777", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20777" }, { "name": "ADV-2006-2493", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "name": "JVN#67974490", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "name": "18613", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18613" }, { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3274", "datePublished": 
"2006-06-28T22:00:00", "dateReserved": "2006-06-28T00:00:00", "dateUpdated": "2024-08-07T18:23:21.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8820 (GCVE-0-2020-8820)
Vulnerability from cvelistv5
Published
2020-10-12 15:52
Modified
2024-08-04 10:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:10.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T15:52:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8820", "datePublished": "2020-10-12T15:52:43", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-08-04T10:12:10.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-0824 (GCVE-0-2022-0824)
Vulnerability from cvelistv5
Published
2022-03-02 00:00
Modified
2024-08-02 23:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-284 - Improper Access Control
Summary
Improper access control leading to remote code execution in the GitHub repository webmin/webmin prior to 1.990.
References
Impacted products
Vendor | Product | Version | ||
---|---|---|---|---|
webmin | webmin/webmin |
Version: unspecified < 1.990 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "webmin/webmin", "vendor": "webmin", "versions": [ { "lessThan": "1.990", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-02T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" } ], "source": { "advisory": "d0049a96-de90-4b1a-9111-94de1044f295", "discovery": "EXTERNAL" }, "title": "Improper Access Control to Remote Code Execution in webmin/webmin" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0824", "datePublished": "2022-03-02T00:00:00", "dateReserved": "2022-03-02T00:00:00", "dateUpdated": "2024-08-02T23:40:04.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-45692 (GCVE-0-2024-45692)
Vulnerability from cvelistv5
Published
2024-09-04 00:00
Modified
2024-09-05 13:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webmin", "vendor": "webmin", "versions": [ { "lessThan": "2.202", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:virtualmin:virtualmin:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "virtualmin", "vendor": "virtualmin", "versions": [ { "lessThan": "7.20.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-45692", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T13:39:24.498078Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-05T13:43:51.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-04T23:11:49.503438", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cispa.de/en/loop-dos" }, { "url": "https://webmin.com" }, { "url": "https://www.openwall.com/lists/oss-security/2024/09/04/1" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-45692", "datePublished": "2024-09-04T00:00:00", "dateReserved": "2024-09-04T00:00:00", "dateUpdated": "2024-09-05T13:43:51.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-36452 (GCVE-0-2024-36452)
Vulnerability from cvelistv5
Published
2024-07-10 07:01
Modified
2024-11-05 21:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site request forgery (CSRF)
Summary
Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted.
References
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36452", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:29:35.481782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T21:12:24.776Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 2.003" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site request forgery (CSRF)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:01:48.896Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36452", "datePublished": "2024-07-10T07:01:48.896Z", "dateReserved": "2024-05-28T05:38:38.739Z", "dateUpdated": "2024-11-05T21:12:24.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38306 (GCVE-0-2023-38306)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38306", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:51:06.893501Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:51:13.901Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38306", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:51:13.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2001-1530 (GCVE-0-2001-1530)
Vulnerability from cvelistv5
Published
2005-07-14 04:00
Modified
2024-09-16 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20011022 Webmin 0.88 temporary insecure file creation, root compromise", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-07-14T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20011022 Webmin 0.88 temporary insecure file creation, root compromise", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which 
allows local users to execute arbitrary commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20011022 Webmin 0.88 temporary insecure file creation, root compromise", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "name": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1530", "datePublished": "2005-07-14T04:00:00Z", "dateReserved": "2005-07-14T00:00:00Z", "dateUpdated": "2024-09-16T20:43:21.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1947 (GCVE-0-2002-1947)
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-08-08 03:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or hijack the SSL session.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:43:33.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-identical-ssl-keys(10381)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "name": "5936", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5936" }, { "name": "FreeBSD-SA-02:06", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-15T16:39:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-identical-ssl-keys(10381)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "name": "5936", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5936" }, { "name": "FreeBSD-SA-02:06", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1947", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-identical-ssl-keys(10381)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10381.php" }, { "name": "5936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5936" }, { "name": "FreeBSD-SA-02:06", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1947", "datePublished": "2005-06-28T04:00:00", "dateReserved": "2005-06-29T00:00:00", "dateUpdated": "2024-08-08T03:43:33.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-2106 (GCVE-0-2017-2106)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Cross-site scripting
Summary
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96227" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "name": "JVN#34207650", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.830" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-01T09:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "96227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96227" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "name": "JVN#34207650", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-2106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Webmin", "version": { "version_data": [ { "version_value": "versions prior to 1.830" } ] } } ] }, "vendor_name": "Webmin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "96227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96227" }, { "name": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "name": "JVN#34207650", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN34207650/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-2106", "datePublished": "2017-04-28T16:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:39:32.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-15641 (GCVE-0-2019-15641)
Vulnerability from cvelistv5
Published
2019-08-26 17:07
Modified
2024-08-05 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T17:07:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15641", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/", "refsource": "MISC", "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15641", "datePublished": "2019-08-26T17:07:38", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2024-08-05T00:56:22.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1074 (GCVE-0-1999-1074)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:02:53.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19980501 Warning! Webmin Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/webmin/changes.html" }, { "name": "98", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1998-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19980501 Warning! 
Webmin Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/webmin/changes.html" }, { "name": "98", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19980501 Warning! Webmin Security Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/9138" }, { "name": "http://www.webmin.com/webmin/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/webmin/changes.html" }, { "name": "98", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1074", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:02:53.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-3924 (GCVE-0-2014-3924)
Vulnerability from cvelistv5
Published
2014-05-30 14:00
Modified
2024-08-06 10:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:18.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "58917", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58917" }, { "name": "58919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58919" }, { "name": "67649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "1030296", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030296" }, { "name": "1030297", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030297" }, { "name": "67647", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-09T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "58917", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58917" }, { "name": "58919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58919" }, { "name": "67649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "1030296", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030296" }, { "name": "1030297", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030297" }, { "name": "67647", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67647" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "58917", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58917" }, { "name": "58919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58919" }, { "name": "67649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67649" }, { "name": "http://www.webmin.com/uchanges.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges.html" }, { "name": "1030296", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030296" }, { "name": "1030297", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030297" }, { "name": "67647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67647" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3924", "datePublished": "2014-05-30T14:00:00", "dateReserved": "2014-05-30T00:00:00", "dateUpdated": "2024-08-06T10:57:18.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2019-15642 (GCVE-0-2019-15642)
Vulnerability from cvelistv5
Published
2019-08-26 17:07
Modified
2024-08-05 00:56
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. 
NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T17:36:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "tags": [ "x_refsource_MISC" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15642", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. 
NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/", "refsource": "MISC", "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "name": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "name": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37", "refsource": "MISC", "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "name": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index", "refsource": "MISC", "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15642", "datePublished": "2019-08-26T17:07:47", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2024-08-05T00:56:22.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0583 (GCVE-0-2004-0583)
Vulnerability from cvelistv5
Published
2004-06-23 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:26.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "webmin-username-password-dos(16334)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "name": "10523", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10523" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "name": "GLSA-200406-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-11T00:00:00", "descriptions": [ { "lang": 
"en", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "webmin-username-password-dos(16334)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "name": "10523", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10523" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "name": "GLSA-200406-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0583", 
"STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "webmin-username-password-dos(16334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "name": "10523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10523" }, { "name": "MDKSA-2004:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "name": "GLSA-200406-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "name": "http://www.webmin.com/changes-1.150.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "GLSA-200406-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html", "refsource": "MISC", "url": 
"http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0583", "datePublished": "2004-06-23T04:00:00", "dateReserved": "2004-06-18T00:00:00", "dateUpdated": "2024-08-08T00:24:26.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-17089 (GCVE-0-2017-17089)
Vulnerability from cvelistv5
Published
2017-12-30 17:00
Modified
2024-08-05 20:43
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102339" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-30T00:00:00", "descriptions": [ { "lang": "en", "value": "custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "102339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102339" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102339" }, { "name": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17089", "datePublished": "2017-12-30T17:00:00", "dateReserved": "2017-12-01T00:00:00", "dateUpdated": "2024-08-05T20:43:59.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-40985 (GCVE-0-2023-40985)
Vulnerability from cvelistv5
Published
2023-09-15 00:00
Modified
2024-09-25 15:36
CWE
- n/a
Summary
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40985", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:36:11.791675Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:36:46.617Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when any file is searched/replaced." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T00:35:18.399295", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40985", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:36:46.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-1468 (GCVE-0-2004-1468)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
CWE
- n/a
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11122", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-web-mail-command-execution(17293)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11122", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11122" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-web-mail-command-execution(17293)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11122" }, { "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "name": "12488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-web-mail-command-execution(17293)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1468", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-32158 (GCVE-0-2021-32158)
Vulnerability from cvelistv5
Published
2022-04-11 05:40
Modified
2024-08-03 23:17
CWE
- n/a
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:40:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32158", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32158" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32158", "datePublished": "2022-04-11T05:40:27", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-1672 (GCVE-0-2002-1672)
Vulnerability from cvelistv5
Published
2005-06-21 04:00
Modified
2024-08-08 03:34
CWE
- n/a
Summary
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "4328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4328" }, { "name": "webmin-directory-permissions(8595)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user\u0027s cookie-based authentication credentials and possibly hijack the root user\u0027s session using the credentials." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "4328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4328" }, { "name": "webmin-directory-permissions(8595)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1672", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user\u0027s cookie-based authentication credentials and possibly hijack the root user\u0027s session using the credentials." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "4328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4328" }, { "name": "webmin-directory-permissions(8595)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/263181" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1672", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-41155 (GCVE-0-2023-41155)
Vulnerability from cvelistv5
Published
2023-09-13 00:00
Modified
2024-09-25 20:39
CWE
- n/a
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41155", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T20:39:47.299305Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T20:39:56.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-13T21:41:29.263678", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41155", "datePublished": "2023-09-13T00:00:00", "dateReserved": "2023-08-24T00:00:00", "dateUpdated": "2024-09-25T20:39:56.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-8821 (GCVE-0-2020-8821)
Vulnerability from cvelistv5
Published
2020-10-12 15:54
Modified
2024-08-04 10:12
CWE
- n/a
Summary
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:10.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T15:54:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). 
Changes are kept across users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "MISC", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8821", "datePublished": "2020-10-12T15:54:34", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-08-04T10:12:10.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-31762 (GCVE-0-2021-31762)
Vulnerability from cvelistv5
Published
2021-04-25 18:32
Modified
2024-08-03 23:03
CWE
- n/a
Summary
Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/qCvEXwyaF5U" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin\u0027s add users feature, and then get a reverse shell through Webmin\u0027s running process feature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-14T16:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/qCvEXwyaF5U" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin\u0027s add users feature, and then get a reverse shell through Webmin\u0027s running process feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin", "refsource": "MISC", "url": "https://github.com/webmin/webmin" }, { "name": "https://youtu.be/qCvEXwyaF5U", "refsource": "MISC", "url": "https://youtu.be/qCvEXwyaF5U" }, { "name": "https://github.com/Mesh3l911/CVE-2021-31762", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "name": "https://github.com/electronicbots/CVE-2021-31762", "refsource": "MISC", "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "name": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31762", "datePublished": "2021-04-25T18:32:12", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2006-4542 (GCVE-0-2006-4542)
Vulnerability from cvelistv5
Published
2006-09-05 23:00
Modified
2024-08-07 19:14
CWE
- n/a
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#99776858", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "name": "19820", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19820" }, { "name": "22114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "name": "ADV-2006-3424", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "name": "21690", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21690" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "28338", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28338" }, { "name": "22087", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22087" }, { "name": "28337", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28337" }, { "name": "MDKSA-2006:170", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "name": "1016776", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016776" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://webmin.com/security.html" }, { "name": 
"22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22556" }, { "name": "1016777", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016777" }, { "name": "webmin-usermin-source-disclosure(28699)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "JVN#99776858", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "name": "19820", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19820" }, { "name": "22114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22114" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "name": "ADV-2006-3424", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "name": "21690", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21690" }, { "name": "DSA-1199", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "28338", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28338" }, { "name": "22087", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22087" }, { "name": "28337", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28337" }, { "name": "MDKSA-2006:170", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "name": "1016776", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016776" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://webmin.com/security.html" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22556" }, { "name": "1016777", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016777" }, { "name": "webmin-usermin-source-disclosure(28699)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#99776858", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "name": "19820", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19820" }, { "name": "22114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22114" }, { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "name": "ADV-2006-3424", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "name": "21690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21690" }, { "name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "28338", "refsource": "OSVDB", "url": "http://www.osvdb.org/28338" }, { "name": "22087", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22087" }, { "name": "28337", "refsource": "OSVDB", "url": "http://www.osvdb.org/28337" }, { "name": "MDKSA-2006:170", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "name": "1016776", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016776" }, { "name": "http://webmin.com/security.html", "refsource": "CONFIRM", "url": "http://webmin.com/security.html" }, { "name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556" }, { "name": "1016777", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016777" }, { "name": "webmin-usermin-source-disclosure(28699)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4542", "datePublished": 
"2006-09-05T23:00:00", "dateReserved": "2006-09-05T00:00:00", "dateUpdated": "2024-08-07T19:14:47.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-1177 (GCVE-0-2005-1177)
Vulnerability from cvelistv5
Published
2005-04-19 04:00
Modified
2024-08-07 21:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1013723", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013723" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "webmin-config-file-permissions(20607)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1013723", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013723" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "webmin-config-file-permissions(20607)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1177", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "1013723", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013723" }, { "name": "http://www.webmin.com/uchanges.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges.html" }, { "name": "webmin-config-file-permissions(20607)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1177", "datePublished": "2005-04-19T04:00:00", "dateReserved": "2005-04-19T00:00:00", "dateUpdated": "2024-08-07T21:44:05.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2002-2360 (GCVE-0-2002-2360)
Vulnerability from cvelistv5
Published
2007-10-29 19:00
Modified
2024-09-17 02:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:59:11.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "5591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5591" }, { "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "name": "webmin-cgi-improper-permissions(9983)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9983.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-29T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "5591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5591" }, { "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "name": "webmin-cgi-improper-permissions(9983)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9983.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2360", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "5591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5591" }, { "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "name": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "name": "webmin-cgi-improper-permissions(9983)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9983.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2360", "datePublished": "2007-10-29T19:00:00Z", "dateReserved": "2007-10-29T00:00:00Z", "dateUpdated": "2024-09-17T02:21:10.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1937 (GCVE-0-2011-1937)
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:46
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "name": "1025438", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025438" }, { "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "name": "MDVSA-2011:109", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "name": "8264", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8264" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "name": "47558", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47558" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2011-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "name": "1025438", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025438" }, { "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "name": "MDVSA-2011:109", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "name": "8264", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8264" }, { "tags": [ "x_refsource_MISC" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "name": "47558", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/47558" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1937", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "name": "http://www.youtube.com/watch?v=CUO7JLIGUf0", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "name": "1025438", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025438" }, { "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517658" }, { "name": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "name": "MDVSA-2011:109", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { 
"name": "8264", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8264" }, { "name": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/", "refsource": "MISC", "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "name": "47558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47558" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1937", "datePublished": "2011-05-31T20:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2007-1276 (GCVE-0-2007-1276)
Vulnerability from cvelistv5
Published
2007-03-05 20:00
Modified
2024-08-07 12:50
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:34.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "33832", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33832" }, { "name": "24321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24321" }, { "name": "ADV-2007-0780", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "name": "1017711", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017711" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.330.html" }, { "name": "webmin-chooser-xss(32725)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "33832", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33832" }, { "name": "24321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24321" }, { "name": "ADV-2007-0780", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "name": "1017711", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017711" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.330.html" }, { "name": "webmin-chooser-xss(32725)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "33832", "refsource": "OSVDB", "url": "http://osvdb.org/33832" }, { "name": "24321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24321" }, { "name": "ADV-2007-0780", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "name": "1017711", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017711" }, { "name": "http://www.webmin.com/changes-1.330.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.330.html" }, { "name": "webmin-chooser-xss(32725)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1276", "datePublished": "2007-03-05T20:00:00", "dateReserved": "2007-03-05T00:00:00", "dateUpdated": "2024-08-07T12:50:34.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-19191 (GCVE-0-2018-19191)
Vulnerability from cvelistv5
Published
2019-03-17 21:27
Modified
2024-08-05 11:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:30:04.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-17T21:27:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "name": "http://www.webmin.com/index.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19191", "datePublished": "2019-03-17T21:27:18", "dateReserved": "2018-11-11T00:00:00", "dateUpdated": "2024-08-05T11:30:04.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-12670 (GCVE-0-2020-12670)
Vulnerability from cvelistv5
Published
2020-10-12 15:56
Modified
2024-08-04 12:04
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T15:56:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12670", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. 
This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12670", "datePublished": "2020-10-12T15:56:28", "dateReserved": "2020-05-06T00:00:00", "dateUpdated": "2024-08-04T12:04:22.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38303 (GCVE-0-2023-38303)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 18:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38303", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T18:00:21.153709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T18:00:29.020Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group\u0027s real name parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38303", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T18:00:29.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2004-0559 (GCVE-0-2004-0559)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:25.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges-1.089.html" }, { "name": "11153", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11153" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-installation-unspecified(17299)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges-1.089.html" }, { "name": "11153", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11153" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-installation-unspecified(17299)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/uchanges-1.089.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges-1.089.html" }, { "name": "11153", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11153" }, { "name": "12488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-installation-unspecified(17299)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0559", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-06-14T00:00:00", "dateUpdated": "2024-08-08T00:24:25.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-8712 (GCVE-0-2018-8712)
Vulnerability from cvelistv5
Published
2018-03-14 19:00
Modified
2024-09-17 00:37
Severity ?
CWE
- n/a
Summary
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:02:26.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of \"Can view any file as a log file\" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the \u0027/etc/shadow\u0027 file via a \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\" request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-14T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of \"Can view any file as a log file\" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the \u0027/etc/shadow\u0027 file via a \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\" request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/", "refsource": "MISC", "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8712", "datePublished": "2018-03-14T19:00:00Z", "dateReserved": "2018-03-14T00:00:00Z", "dateUpdated": "2024-09-17T00:37:20.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-38307 (GCVE-0-2023-38307)
Vulnerability from cvelistv5
Published
2023-07-31 00:00
Modified
2024-10-22 17:50
Severity ?
CWE
- n/a
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38307", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:50:31.767656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:50:42.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user\u0027s real name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38307", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:50:42.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-15646 (GCVE-0-2017-15646)
Vulnerability from cvelistv5
Published
2017-10-19 22:00
Modified
2024-09-17 00:11
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin before 1.860 has XSS with resultant remote code execution. Under the \u0027Others/File Manager\u0027 menu, there is a \u0027Download from remote URL\u0027 option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name=\u0027cmd\u0027 input element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-19T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15646", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 1.860 has XSS with resultant remote code execution. Under the \u0027Others/File Manager\u0027 menu, there is a \u0027Download from remote URL\u0027 option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name=\u0027cmd\u0027 input element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "name": "https://blogs.securiteam.com/index.php/archives/3430", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15646", "datePublished": "2017-10-19T22:00:00Z", "dateReserved": "2017-10-19T00:00:00Z", "dateUpdated": "2024-09-17T00:11:41.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2007-3156)
Published
2007-06-11 22:30
Modified
2025-04-09 00:30
Severity ?
Summary
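Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information.
Note on affected versions: the NVD configuration data in this record marks Usermin up to and including 1.280 as vulnerable, which does not match "before 1.280" in the summary; confirm the fixed Usermin release against the vendor changelog before relying on either bound.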
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/36932 | ||
cve@mitre.org | http://secunia.com/advisories/25580 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/25785 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/25956 | Vendor Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200707-05.xml | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2007:135 | ||
cve@mitre.org | http://www.securityfocus.com/bid/24381 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2007/2117 | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/changes-1.350.html | ||
cve@mitre.org | http://www.webmin.com/security.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/36932 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25580 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25785 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/25956 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200707-05.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2007:135 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/24381 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/2117 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.350.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD9A726E-9D24-40A5-A82A-B7D1B4EE3677", "versionEndIncluding": "1.280", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E60E962F-8A39-481D-B272-BEA4A2E02A99", "versionEndIncluding": "1.340", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo pam_login.cgi en webmin versiones anteriores a 1.350 y Usermin versiones anteriores a 1.280, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) cid, (2) message o (3) question. NOTA: algunos de estos datos son obtenidos a partir de la informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-3156", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-06-11T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/36932" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25580" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25785" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25956" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24381" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.350.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/25785" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.350.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2021-32157)
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32157 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32157 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versi\u00f3n 1.973, por medio de la funcionalidad Scheduled Cron Jobs" } ], "id": "CVE-2021-32157", "lastModified": "2024-11-21T06:06:52.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.290", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2008-0720)
Published
2008-02-12 02:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a "search box" or "open file box." NOTE: some of these details are obtained from third party information.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://forum.aria-security.net/showthread.php?t=511 | ||
cve@mitre.org | http://secunia.com/advisories/28827 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/487656/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/487678/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/27662 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/0450 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://forum.aria-security.net/showthread.php?t=511 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/28827 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/487656/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/487678/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/27662 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/0450 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "74E28AB1-D60A-4CFC-9133-552B7AA12D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "06EBBDAA-05C2-4CFD-AC36-A24E5A768B09", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a \"search box\" or \"open file box.\" NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.370 y 1.390 y Usermin 1.300 y 1.320. Permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de b\u00fasqueda a webmin_search.cgi (tambi\u00e9n conocido como la secci\u00f3n de b\u00fasqueda) y posiblemente otros componentes accedidos a trav\u00e9s de una \"caja de b\u00fasqueda\" o \"caja de archivo abierto\". NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-0720", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-12T02:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forum.aria-security.net/showthread.php?t=511" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28827" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27662" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forum.aria-security.net/showthread.php?t=511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0450" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2021-32159)
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32159 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32159 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versi\u00f3n 1.973, por medio de la funcionalidad Upload and Download" } ], "id": "CVE-2021-32159", "lastModified": "2024-11-21T06:06:53.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-11-30 11:03
Modified
2025-04-03 01:03
Severity: HIGH, CVSS v2.0 base score 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P), source nvd@nist.gov
Summary
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html | Patch, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/17749 | Patch, Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/17817 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/17878 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/17942 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/18101 | Third Party Advisory | |
cve@mitre.org | http://secunia.com/advisories/22556 | Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-1199 | Third Party Advisory | |
cve@mitre.org | http://www.dyadsecurity.com/webmin-0001.html | Patch, Third Party Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml | Third Party Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:223 | Third Party Advisory | |
cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_30_sr.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/418093/100/0/threaded | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.vupen.com/english/advisories/2005/2660 | Third Party Advisory | |
cve@mitre.org | http://www.webmin.com/changes-1.250.html | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/uchanges-1.180.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17749 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17817 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17878 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17942 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18101 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.dyadsecurity.com/webmin-0001.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:223 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_30_sr.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/418093/100/0/threaded | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2660 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.250.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges-1.180.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FDD9E6-97F7-48AB-ACB8-689E3470143C", "versionEndExcluding": "1.180", "versionStartIncluding": "1.100", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A834E83-26D4-4B71-AE8B-46EF532464B0", "versionEndExcluding": "1.250", "versionStartIncluding": "1.200", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." 
} ], "id": "CVE-2005-3912", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-30T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://secunia.com/advisories/17749" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17817" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17878" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17942" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/18101" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges-1.180.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://secunia.com/advisories/17749" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/18101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges-1.180.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 22:29
Modified
2025-04-20 01:37
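Severity: MEDIUM, CVSS v3.0 base score 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N); CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), source nvd@nist.gov. These vectors score the XSS itself; the summary below also describes resultant remote code execution, so the base score may understate the practical impact when prioritising the upgrade.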
Summary
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A946EA8C-A37B-497C-96F0-68F5AD312139", "versionEndIncluding": "1.850", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 1.860 has XSS with resultant remote code execution. Under the \u0027Others/File Manager\u0027 menu, there is a \u0027Download from remote URL\u0027 option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name=\u0027cmd\u0027 input element." }, { "lang": "es", "value": "Webmin, en versiones anteriores a la 1.860, tiene XSS que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. En el men\u00fa \"Others/File Manager\", hay una opci\u00f3n \"Download from remote URL\" (descarga desde URL remota) para descargar un archivo desde un servidor remoto. Despu\u00e9s de establecer un servidor malicioso, el atacante puede esperar una petici\u00f3n de descarga de archivo y entonces enviar un payload XSS que dar\u00e1 lugar a la ejecuci\u00f3n remota de c\u00f3digo. Esto ha sido demostrado por un comando de sistema operativo en el atributo valor de un elemento de entrada name=\u0027cmd\u0027." 
} ], "id": "CVE-2017-15646", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T22:29:00.323", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
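Severity: MEDIUM, CVSS v3.1 base score 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N), source nvd@nist.gov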
Summary
An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the \"Search for Package\" field, which gets reflected back in the application\u0027s response, leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." } ], "id": "CVE-2023-38309", "lastModified": "2024-11-21T08:13:17.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.847", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-03-26 05:00
Modified
2025-04-03 01:03
Severity: LOW, CVSS v2.0 base score 1.2 (AV:L/AC:H/Au:N/C:N/I:P/A:N), source nvd@nist.gov
Summary
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt | Patch, Vendor Advisory | |
cve@mitre.org | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3 | Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6011 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6011 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack." } ], "id": "CVE-2001-0222", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-03-26T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-03-05 20:19
Modified
2025-04-09 00:30
Severity: MEDIUM, CVSS v2.0 base score 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), source nvd@nist.gov
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/33832 | ||
cve@mitre.org | http://secunia.com/advisories/24321 | Vendor Advisory | |
cve@mitre.org | http://www.securitytracker.com/id?1017711 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/0780 | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/changes-1.330.html | ||
cve@mitre.org | http://www.webmin.com/security.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/33832 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24321 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017711 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0780 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.330.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
usermin | usermin | 1.090 | |
usermin | usermin | 1.100 | |
usermin | usermin | 1.110 | |
usermin | usermin | 1.120 | |
usermin | usermin | 1.130 | |
usermin | usermin | 1.140 | |
usermin | usermin | 1.150 | |
usermin | usermin | 1.210 | |
usermin | usermin | 1.220 | |
usermin | usermin | 1.230 | |
usermin | usermin | 1.240 | |
usermin | usermin | 1.250 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.10 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.30 | |
webmin | webmin | 1.0.40 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.51 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.20 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 | |
webmin | webmin | 1.2.20 | |
webmin | webmin | 1.2.30 | |
webmin | webmin | 1.2.40 | |
webmin | webmin | 1.2.50 | |
webmin | webmin | 1.3.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*", "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*", 
"matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "278FE0A3-D3F2-4C36-BD87-CE3E349B6D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "5083E992-E844-4101-ADE2-123FAA1E35BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "0B322237-AA34-4D87-ADB4-7AF4EB01E71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "4F399AAA-68FC-41AF-B701-219D1D5373CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo chooser.cgi en Webmin versiones anteriores a 1.330 y Usermin versiones anteriores a 1.260, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de archivo dise\u00f1ado." 
} ], "id": "CVE-2007-1276", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-05T20:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/33832" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24321" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017711" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.330.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.330.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-11-02 20:15
Modified
2024-11-21 07:20
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross-site scripting. The attack can be launched remotely. Upgrading to version 2.003 addresses this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability.
References
▶ | URL | Tags | |
---|---|---|---|
cna@vuldb.com | https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811 | Patch | |
cna@vuldb.com | https://github.com/webmin/webmin/releases/tag/2.003 | Release Notes | |
cna@vuldb.com | https://vuldb.com/?ctiid.212862 | Third Party Advisory, VDB Entry | |
cna@vuldb.com | https://vuldb.com/?id.212862 | Permissions Required, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/releases/tag/2.003 | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.212862 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.212862 | Permissions Required, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.001:*:*:*:*:*:*:*", "matchCriteriaId": "21C2886F-985F-41E4-9503-D775AFA80A40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability." }, { "lang": "es", "value": "Una vulnerabilidad fue encontrada en Webmin 2.001 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo xterm/index.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a Cross-Site Scripting (XSS). Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.003 puede solucionar este problema. El nombre del parche es d3d33af3c0c3fd3a889c84e287a038b7a457d811. Se recomienda actualizar el componente afectado. VDB-212862 es el identificador asignado a esta vulnerabilidad." 
} ], "id": "CVE-2022-3844", "lastModified": "2024-11-21T07:20:21.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-02T20:15:11.023", "references": [ { "source": "cna@vuldb.com", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "source": "cna@vuldb.com", "tags": [ "Release Notes" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" }, { "source": "cna@vuldb.com", "tags": [ "Third Party Advisory", "VDB Entry" ], 
"url": "https://vuldb.com/?ctiid.212862" }, { "source": "cna@vuldb.com", "tags": [ "Permissions Required", "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?id.212862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?ctiid.212862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?id.212862" } ], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-80" } ], "source": "cna@vuldb.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when the download link is accessed." } ], "id": "CVE-2023-38305", "lastModified": "2024-11-21T08:13:17.233", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-25 06:15
Modified
2024-11-21 07:13
Severity ?
Summary
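software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command. Although the wording suggests a display-only issue, the references listed for this entry describe the impact as command injection in package updates leading to remote code execution, and NVD scores it 9.8 (Critical, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); treat the upgrade to 1.997 or later as a priority.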
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/compare/1.996...1.997 | Release Notes, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/50998 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/compare/1.996...1.997 | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/50998 | Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD730C30-2C81-45E2-9270-4E2EEB6635B1", "versionEndExcluding": "1.997", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command." }, { "lang": "es", "value": "El archivo software/apt-lib.pl en Webmin versiones anteriores a 1.997, carece de escape HTML para un comando de la Interfaz de Usuario" } ], "id": "CVE-2022-36446", "lastModified": "2024-11-21T07:13:01.783", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-25T06:15:07.900", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": 
"https://github.com/webmin/webmin/compare/1.996...1.997" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/50998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/50998" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 16:15
Modified
2024-11-21 05:39
Severity ?
Summary
An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de Comprobaci\u00f3n de Datos Inapropiada en Webmin versiones 1.941 y anteriores, afectando al Endpoint Command Shell. Un usuario puede ingresar c\u00f3digo HTML en el campo Command y enviarlo. Luego, despu\u00e9s de visitar el Men\u00fa Action Logs y mostrar los registros, el c\u00f3digo HTML ser\u00e1 renderizado (sin embargo, JavaScript no es ejecutado). Los cambios se guardan entre los usuarios" } ], "id": "CVE-2020-8821", "lastModified": "2024-11-21T05:39:30.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": 
"LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T16:15:12.590", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-30 22:15
Modified
2024-11-21 08:20
Severity ?
Summary
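A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the "replace in results" field while replacing the results under the tools drop-down. Note that the configuration data for this entry lists only the CPE cpe:2.3:a:webmin:webmin:2.000, so tooling that matches on CPE alone may not flag Usermin installations.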
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163 | Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down." } ], "id": "CVE-2023-41163", "lastModified": "2024-11-21T08:20:42.290", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-30T22:15:10.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-26 18:15
Modified
2024-11-21 04:29
Severity ?
Summary
rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users."
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://doxfer.webmin.com/Webmin/Webmin_Servers_Index | Vendor Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37 | Patch | |
cve@mitre.org | https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c | Patch | |
cve@mitre.org | https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/ | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://doxfer.webmin.com/Webmin/Webmin_Servers_Index | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/ | Exploit, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0662557D-EC4E-4850-BC78-AA3A5B67CAE8", "versionEndIncluding": "1.920", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" }, { "lang": "es", "value": "rpc.cgi en Webmin hasta la version 1.920 permite la ejecuci\u00f3n remota de c\u00f3digo autenticada a trav\u00e9s de un nombre de objeto dise\u00f1ado porque unserialise_variable realiza una llamada de evaluaci\u00f3n. NOTA: la documentaci\u00f3n de Webmin_Servers_Index establece que \"RPC se puede usar para ejecutar cualquier comando o modificar cualquier archivo en un servidor, por lo que no se debe otorgar acceso a los usuarios de Webmin que no son de confianza\"." 
} ], "id": "CVE-2019-15642", "lastModified": "2024-11-21T04:29:11.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-26T18:15:12.983", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" 
], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-13 22:15
Modified
2024-11-21 08:20
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155 | Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*", "matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pesta\u00f1a de reenv\u00edo de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo reenviar a mientras crean una regla de reenv\u00edo de correo." 
} ], "id": "CVE-2023-41155", "lastModified": "2024-11-21T08:20:41.027", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-13T22:15:08.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32158 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32158 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin 1.973 por medio de la funcionalidad Upload and Download" } ], "id": "CVE-2021-32158", "lastModified": "2024-11-21T06:06:53.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.340", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-32158" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://javierb.com.ar/2011/04/24/xss-webmin-1-540/ | Exploit | |
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/05/22/1 | ||
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/05/24/7 | Exploit | |
secalert@redhat.com | http://securityreason.com/securityalert/8264 | ||
secalert@redhat.com | http://securitytracker.com/id?1025438 | Exploit | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:109 | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/517658 | Exploit | |
secalert@redhat.com | http://www.securityfocus.com/bid/47558 | ||
secalert@redhat.com | http://www.youtube.com/watch?v=CUO7JLIGUf0 | Exploit | |
secalert@redhat.com | https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://javierb.com.ar/2011/04/24/xss-webmin-1-540/ | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/05/22/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/05/24/7 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8264 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025438 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:109 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517658 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47558 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.youtube.com/watch?v=CUO7JLIGUf0 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | * | |
webmin | webmin | 0.75 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.81 | |
webmin | webmin | 0.82 | |
webmin | webmin | 0.83 | |
webmin | webmin | 0.84 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.86 | |
webmin | webmin | 0.87 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.950 | |
webmin | webmin | 0.960 | |
webmin | webmin | 0.970 | |
webmin | webmin | 0.980 | |
webmin | webmin | 0.990 | |
webmin | webmin | 1.000 | |
webmin | webmin | 1.010 | |
webmin | webmin | 1.020 | |
webmin | webmin | 1.030 | |
webmin | webmin | 1.040 | |
webmin | webmin | 1.050 | |
webmin | webmin | 1.060 | |
webmin | webmin | 1.070 | |
webmin | webmin | 1.080 | |
webmin | webmin | 1.090 | |
webmin | webmin | 1.100 | |
webmin | webmin | 1.110 | |
webmin | webmin | 1.121 | |
webmin | webmin | 1.130 | |
webmin | webmin | 1.140 | |
webmin | webmin | 1.150 | |
webmin | webmin | 1.160 | |
webmin | webmin | 1.170 | |
webmin | webmin | 1.180 | |
webmin | webmin | 1.190 | |
webmin | webmin | 1.200 | |
webmin | webmin | 1.210 | |
webmin | webmin | 1.220 | |
webmin | webmin | 1.230 | |
webmin | webmin | 1.240 | |
webmin | webmin | 1.250 | |
webmin | webmin | 1.260 | |
webmin | webmin | 1.270 | |
webmin | webmin | 1.280 | |
webmin | webmin | 1.290 | |
webmin | webmin | 1.300 | |
webmin | webmin | 1.310 | |
webmin | webmin | 1.320 | |
webmin | webmin | 1.330 | |
webmin | webmin | 1.340 | |
webmin | webmin | 1.350 | |
webmin | webmin | 1.360 | |
webmin | webmin | 1.370 | |
webmin | webmin | 1.380 | |
webmin | webmin | 1.390 | |
webmin | webmin | 1.400 | |
webmin | webmin | 1.410 | |
webmin | webmin | 1.420 | |
webmin | webmin | 1.430 | |
webmin | webmin | 1.440 | |
webmin | webmin | 1.441 | |
webmin | webmin | 1.450 | |
webmin | webmin | 1.460 | |
webmin | webmin | 1.470 | |
webmin | webmin | 1.480 | |
webmin | webmin | 1.490 | |
webmin | webmin | 1.500 | |
webmin | webmin | 1.510 | |
webmin | webmin | 1.520 | |
webmin | webmin | 1.530 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "99196F59-548C-40FD-9EA7-6200901120E6", "versionEndIncluding": "1.540", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.75:*:*:*:*:*:*:*", "matchCriteriaId": "180192C4-DDF9-4278-A213-24A91137D4FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "192B0ED0-5967-4169-A644-1DAB8D4BF981", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "E2B5EE2D-9105-4BD5-B298-34DFB332A728", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "B9B426CD-5105-4EDE-8ED5-991C6B712DF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.87:*:*:*:*:*:*:*", "matchCriteriaId": 
"FE21BBCF-6F4B-4EEA-B80B-2AE46B6FB2ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "17054066-DE7F-4BE7-A2DA-9426DE6B7D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "8C04909C-17D9-46FF-BCCF-45F2531A1B6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "4B12A859-CFE1-46B7-B607-AF5BB6F5A081", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": 
"860599C2-ED30-454A-8ABA-D62F6019D1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "92F68614-84A3-4CB8-9481-9D3D089FF3E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.050:*:*:*:*:*:*:*", "matchCriteriaId": "E1539E34-B384-4882-953E-896971C1E8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "784B61DA-2890-4B4C-9D07-258A2C183132", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "8E91A2F5-2C56-4D5E-BBC7-F48BF458C264", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "6CE691D3-3A39-4B95-BD15-562D8A80BAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E9AF8-6660-45F7-BF4A-B9C71CED7A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "84063206-CEF4-4829-A74A-55C767923D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "D885CB6A-06E9-416C-93D2-9C5A9931CF56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.121:*:*:*:*:*:*:*", "matchCriteriaId": "97FE2F9D-C573-44BB-A542-8512FD27D130", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8209350C-BD76-43E2-9E81-CECD03A214B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "86FB60E8-8A87-4838-8144-1FCFB8C382FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "A98A70E1-A1BD-45A6-A409-97B7FAA07E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "09CB193D-3D6B-4680-8490-6FAA714C45A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": 
"471E5FDB-0C34-4D3A-BACC-1EADE1ADCE83", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "F97EC65B-0E6A-4F25-B7DC-1C1297173684", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.190:*:*:*:*:*:*:*", "matchCriteriaId": "4390E10A-027E-423E-ABE3-86099074B4AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "B44FF660-7348-4F60-BE4D-1815C095C88A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "7350164E-520E-4BA0-8C51-19EE7D1E5FA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "7B2E5B42-C492-4F59-B250-C40095CF2582", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "D4155856-F5A3-4125-952E-82E93DDDE088", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "EB0BE82F-EC96-428E-871B-1332045EE9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "B80E81F6-2A96-4014-8045-FC0C1B4CEB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB71E-4663-48EC-8164-105AF85AEB51", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "A95386F4-123A-407A-A735-F12FD9711BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.280:*:*:*:*:*:*:*", "matchCriteriaId": "030A8C8C-D60D-467D-80CE-B2B00572F05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "1CE7F5BF-2B5D-44B4-8865-90E58771239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "41462964-E5BA-4182-ABF4-54ECD5D97DAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": 
"85AAE04F-4530-454A-AC2C-2581197EAD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "2F2634CD-846C-4343-B50F-21AD7380212B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "60489FB9-5D98-4611-8FBE-7F6A901BBFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "85A8F9EA-7A8D-4BA9-9732-DE93388800A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.350:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C622D-6ED7-4F11-A43B-FE00B088CEAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.360:*:*:*:*:*:*:*", "matchCriteriaId": "080FCFDE-557E-4D35-8701-96AC28381ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "DF07B559-9FEE-40FF-AA85-0018998F7E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F97A0281-1C70-4476-9441-400C83AB39E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "46563F83-035B-49AF-94B4-909CE53945D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "75736565-8B44-48C2-92AE-AF4B19A5C18D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "0A50E69D-EE5A-4DC7-A884-F6B10E677E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.440:*:*:*:*:*:*:*", "matchCriteriaId": "19FCDACE-0BB2-4891-94BE-5E8F1BB72386", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.441:*:*:*:*:*:*:*", "matchCriteriaId": 
"4462604D-A3FE-4DA4-A401-59AA433686A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "6EE2A989-3136-4B0F-AA9C-4C002532FCB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.460:*:*:*:*:*:*:*", "matchCriteriaId": "FF407748-7342-487E-86B9-038361C09B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "C4F2FAD3-E922-4E17-95EC-E6D2F1BC9778", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "B0D66B84-678C-4568-8543-319A9C4D4116", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.490:*:*:*:*:*:*:*", "matchCriteriaId": "0C548C2A-18F0-43F0-A98B-B730E33B0A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4CB9A-2C24-4548-8204-D936927F8362", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "1582111F-8C80-41C9-84D5-8C2BAD1511C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "97A98749-3256-4027-8AF0-F9756AA96CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "5A7B281C-00C6-405A-AC41-0C29E29AB412", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.540 y versiones anteriores permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un comando chfn que modifica el campo real (Full Name). 
Relacionado con useradmin/index.cgi y useradmin/user-lib.pl." } ], "id": "CVE-2011-1937", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-31T20:55:05.173", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8264" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025438" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47558" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32161 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32161 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versi\u00f3n 1.973 mediante la funci\u00f3n File Manager" } ], "id": "CVE-2021-32161", "lastModified": "2024-11-21T06:06:53.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.493", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-32161" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-25 19:15
Modified
2024-11-21 06:06
Severity ?
Summary
Webmin 1.973 is affected by a reflected Cross-Site Scripting (XSS) vulnerability that can be used to achieve Remote Command Execution through Webmin's running process feature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-31761 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/electronicbots/CVE-2021-31761 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin | Product, Third Party Advisory | |
cve@mitre.org | https://youtu.be/23VvUMu-28c | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-31761 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electronicbots/CVE-2021-31761 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin | Product, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/23VvUMu-28c | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin\u0027s running process feature." }, { "lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) reflejado para lograr una ejecuci\u00f3n de comandos remota por medio de la funcionalidad Webmin\u0027s running process" } ], "id": "CVE-2021-31761", "lastModified": "2024-11-21T06:06:11.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-25T19:15:08.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/23VvUMu-28c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/23VvUMu-28c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed." } ], "id": "CVE-2023-38310", "lastModified": "2024-11-21T08:13:17.997", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-04-28 16:59
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
▶ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN34207650/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96227 | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN34207650/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96227 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "137D2A3A-5ED0-4BE5-8E6B-73531C4100B8", "versionEndIncluding": "1.820", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Varias vulnerabilidades de secuencias de comandos entre sitios en Webmin versiones anteriores a 1.830 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2017-2106", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-28T16:59:00.887", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", 
"VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96227" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." } ], "id": "CVE-2023-38308", "lastModified": "2024-11-21T08:13:17.693", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.787", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", 
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 01:15
Modified
2024-11-21 08:20
Severity ?
Summary
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when any file is searched/replaced." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Webmin 2.100. La funcionalidad del Administrador de Archivos permite a un atacante explotar una vulnerabilidad de Cross-Site Scripting (XSS). Al proporcionar un payload malicioso, un atacante puede inyectar c\u00f3digo arbitrario, que luego se ejecuta dentro del contexto del navegador de la v\u00edctima cuando se busca o reemplaza cualquier archivo." 
} ], "id": "CVE-2023-40985", "lastModified": "2024-11-21T08:20:22.323", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T01:15:07.787", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2007-09-24 23:17
Modified
2025-04-09 00:30
Severity ?
Summary
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://osvdb.org/40772 | ||
cve@mitre.org | http://secunia.com/advisories/26885 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/25773 | ||
cve@mitre.org | http://www.securitytracker.com/id?1018731 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2007/3243 | ||
cve@mitre.org | http://www.webmin.com/security.html | Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/36759 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/40772 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/26885 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/25773 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1018731 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/3243 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/36759 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C32C953-4C70-476D-B943-D8634A5B6703", "versionEndIncluding": "1.360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Webmin versiones anteriores a 1.370 en Windows permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n mediante un URL manipulado." } ], "id": "CVE-2007-5066", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-24T23:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/40772" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26885" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25773" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018731" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-26 18:15
Modified
2024-11-21 04:29
Severity ?
Summary
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/ | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6E473E7-13BE-452A-A7DA-3C0BEC89866E", "versionEndIncluding": "1.930", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." }, { "lang": "es", "value": "xmlrpc.cgi en Webmin a trav\u00e9s de 1.930 permite ataques XXE autenticados. De forma predeterminada, solo root, admin y sysadm pueden tener acceso a xmlrpc.cgi." } ], "id": "CVE-2019-15641", "lastModified": "2024-11-21T04:29:10.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-26T18:15:12.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
References
▶ | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN02213197/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN02213197/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA", "versionEndIncluding": "1.680", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*", "matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*", "matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*", "matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*", "matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*", "matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*", "matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.670:*:*:*:*:*:*:*", "matchCriteriaId": "AE07D5AE-0277-493F-8362-C09285A024E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Webmin anterior a 1.690, cuando la comprobaci\u00f3n de referenciadores est\u00e1 deshabilitada, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados. 
NOTA: esto podr\u00eda solaparse con CVE-2014-3924." } ], "id": "CVE-2014-3886", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-20T11:12:50.527", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-09-22 10:03
Modified
2025-04-03 01:03
Severity ?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html | Patch, Vendor Advisory | |
cve@mitre.org | http://jvn.jp/jp/JVN%2340940493/index.html | ||
cve@mitre.org | http://secunia.com/advisories/16858 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/17282 | ||
cve@mitre.org | http://securityreason.com/securityalert/17 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml | ||
cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 | ||
cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_24_sr.html | ||
cve@mitre.org | http://www.osvdb.org/19575 | ||
cve@mitre.org | http://www.securityfocus.com/bid/14889 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2005/1791 | ||
cve@mitre.org | http://www.webmin.com/changes-1.230.html | Patch | |
cve@mitre.org | http://www.webmin.com/uchanges-1.160.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2340940493/index.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16858 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17282 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/17 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_24_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/19575 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14889 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1791 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.230.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges-1.160.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." } ], "id": "CVE-2005-3042", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-22T10:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16858" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17282" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/17" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { 
"source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19575" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14889" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.webmin.com/changes-1.230.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/uchanges-1.160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.webmin.com/changes-1.230.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/uchanges-1.160.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-06-28 22:05
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://jvn.jp/jp/JVN%2367974490/index.html | ||
cve@mitre.org | http://secunia.com/advisories/20777 | Vendor Advisory | |
cve@mitre.org | http://securityreason.com/securityalert/1161 | ||
cve@mitre.org | http://securitytracker.com/id?1016375 | ||
cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/438149/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/18613 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2493 | ||
cve@mitre.org | http://www.webmin.com/changes.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/27366 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2367974490/index.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20777 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/1161 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016375 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/438149/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18613 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2493 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/27366 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "72A55881-A6A1-47F7-BEE5-E27981B2FE36", "versionEndIncluding": "1.2.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en versiones de Webmin anteriores a la v1.280, cuando se ejecuta en Windows, permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s del car\u00e1cter \\ (barra invertida) en la URL a determinados directorios bajo la ra\u00edz Web, tales como el directorio de imagenes." 
} ], "evaluatorSolution": "Update to version 1.280.", "id": "CVE-2006-3274", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-28T22:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20777" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1161" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016375" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18613" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/1161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-12-30 17:15
Modified
2025-08-14 18:41
Severity ?
Summary
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability.
The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346.
References
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.104:*:*:*:*:*:*:*", "matchCriteriaId": "168F9572-2109-460B-B422-D0DCBF85A144", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante inyecci\u00f3n de comandos CGI en Webmin. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Webmin. Se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. La falla espec\u00edfica existe en la gesti\u00f3n de solicitudes CGI. El problema es el resultado de la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-22346." 
} ], "id": "CVE-2024-12828", "lastModified": "2025-08-14T18:41:57.413", "metrics": { "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "zdi-disclosures@trendmicro.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-12-30T17:15:07.717", "references": [ { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Patch" ], "url": "https://github.com/webmin/authentic-theme/commit/61e5b10227b50407e3c6ac494ffbd4385d1b59df" }, { "source": "zdi-disclosures@trendmicro.com", "tags": [ "Third Party Advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1725/" } ], "sourceIdentifier": "zdi-disclosures@trendmicro.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "zdi-disclosures@trendmicro.com", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-12-30 17:29
Modified
2025-04-20 01:37
Severity ?
Summary
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/102339 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102339 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6BA8D6-7E87-4C91-97C3-094D30EF55F7", "versionEndIncluding": "1.860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality." }, { "lang": "es", "value": "custom/run.cgi en Webmin en versiones anteriores a la 1.870 permite que los administradores autenticados remotos realicen ataques de Cross-Site Scripting (XSS) mediante el campo description en la funcionalidad de comando personalizado." } ], "id": "CVE-2017-17089", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-30T17:29:00.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102339" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user\u0027s real name." } ], "id": "CVE-2023-38307", "lastModified": "2024-11-21T08:13:17.540", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.723", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-25 19:15
Modified
2024-11-21 06:06
Severity ?
Summary
Webmin 1.973 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to create a privileged user through Webmin's add users feature and then obtain a reverse shell through Webmin's running process feature.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-31762 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/electronicbots/CVE-2021-31762 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin | Product, Third Party Advisory | |
cve@mitre.org | https://youtu.be/qCvEXwyaF5U | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-31762 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electronicbots/CVE-2021-31762 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin | Product, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/qCvEXwyaF5U | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin\u0027s add users feature, and then get a reverse shell through Webmin\u0027s running process feature." }, { "lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para crear un usuario privilegiado mediante la funcionalidad Webmin\u0027s add users, y luego obtener un shell inverso mediante la funcionalidad Webmin\u0027s running process" } ], "id": "CVE-2021-31762", "lastModified": "2024-11-21T06:06:11.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-25T19:15:08.240", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/qCvEXwyaF5U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/qCvEXwyaF5U" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/263181 | ||
cve@mitre.org | http://www.securityfocus.com/bid/4329 | Exploit, Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/8596 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/263181 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4329 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/8596 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | 0.1 | |
webmin | webmin | 0.2 | |
webmin | webmin | 0.3 | |
webmin | webmin | 0.4 | |
webmin | webmin | 0.5 | |
webmin | webmin | 0.6 | |
webmin | webmin | 0.7 | |
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.83 | |
webmin | webmin | 0.84 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.92.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file." 
} ], "id": "CVE-2002-1673", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/4329" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/4329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-05-28 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html | Vendor Advisory | |
cve@mitre.org | http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt | Patch, Vendor Advisory | |
cve@mitre.org | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3 | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/2795 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/6627 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/2795 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/6627 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges." 
} ], "id": "CVE-2001-1074", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-05-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/2795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop on or hijack the SSL session.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc | ||
cve@mitre.org | http://www.iss.net/security_center/static/10381.php | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/5936 | Patch | |
cve@mitre.org | http://www.webmin.com/changes.html | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10381.php | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5936 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.95 | |
webmin | webmin | 0.96 | |
webmin | webmin | 0.97 | |
webmin | webmin | 0.98 | |
webmin | webmin | 0.99 | |
webmin | webmin | 1.0.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session." 
} ], "id": "CVE-2002-1947", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5936" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-02 12:15
Modified
2024-11-21 06:39
Severity ?
Summary
Improper access control leading to remote code execution in the GitHub repository webmin/webmin prior to 1.990.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
security@huntr.dev | http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
security@huntr.dev | https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295 | Exploit, Issue Tracking, Third Party Advisory | |
security@huntr.dev | https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295 | Exploit, Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBB705F-B54E-4537-A487-7BA0B97FC389", "versionEndExcluding": "1.990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990." }, { "lang": "es", "value": "Un Control de Acceso Inapropiado para una Ejecuci\u00f3n de C\u00f3digo Remota en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990" } ], "id": "CVE-2022-0824", "lastModified": "2024-11-21T06:39:28.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-02T12:15:07.777", "references": [ { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" }, { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-25 21:15
Modified
2025-05-30 15:15
Severity ?
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
4.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the "Execute cron job as" tab Input field.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Acklee/webadmin_xss/blob/main/xss.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Acklee/webadmin_xss/blob/main/xss.md | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "31EF125F-925E-4A9B-B100-2A9840924559", "versionEndIncluding": "2.105", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the \"Execute cron job as\" tab Input field." }, { "lang": "es", "value": "Vulnerabilidad de cross site scripting (XSS) en webmin v.2.105 y versiones anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el campo de entrada de la pesta\u00f1a \"Execute cron job as\"." } ], "id": "CVE-2023-52046", "lastModified": "2025-05-30T15:15:27.030", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-01-25T21:15:08.730", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Acklee/webadmin_xss/blob/main/xss.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 03:15
Modified
2024-11-21 08:20
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter." }, { "lang": "es", "value": "Una vulnerabilidad cross-site scripting (XSS) almacenadas en Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarias a trav\u00e9s de payload elaborado inyectado en el m\u00f3dulo clonado en el par\u00e1metro nombre." } ], "id": "CVE-2023-40982", "lastModified": "2024-11-21T08:20:21.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T03:15:09.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group\u0027s real name parameter." } ], "id": "CVE-2023-38303", "lastModified": "2024-11-21T08:13:16.927", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.487", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-17 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=webmin-l&m=100865390306103&w=2 | ||
cve@mitre.org | http://www.iss.net/security_center/static/7711.php | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/archive/1/245980 | Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/3698 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=webmin-l&m=100865390306103&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7711.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/245980 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/3698 | Exploit, Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a \u0027..\u0027 (dot dot) in the argument." }, { "lang": "es", "value": "Una vulnerabilidad de atravesamiento de directorios en edit_action.cgi de Webmin Directory 0.91 permite a atacantes remotos, la obtenci\u00f3n de privilegios mediante el uso de \u0027..\u0027 (punto punto) en el argumento." } ], "id": "CVE-2001-1196", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3698" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-21 14:15
Modified
2024-11-21 08:23
Severity ?
Summary
There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A6202E4-6FD5-4056-A956-30B585DC5FE1", "versionEndIncluding": "2.002", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Webmin 2.002 y versiones anteriores a trav\u00e9s del archivo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado." } ], "id": "CVE-2023-43309", "lastModified": "2024-11-21T08:23:58.503", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-21T14:15:10.750", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/archive/1/9138 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/98 | ||
cve@mitre.org | http://www.webmin.com/webmin/changes.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/9138 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/98 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/webmin/changes.html | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking." 
} ], "id": "CVE-1999-1074", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/98" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/webmin/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/webmin/changes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-04-25 19:15
Modified
2024-11-21 06:06
Severity ?
Summary
Webmin 1.973 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can be used to achieve Remote Command Execution (RCE) through Webmin's running process feature.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-31760 | Third Party Advisory | |
cve@mitre.org | https://github.com/electronicbots/CVE-2021-31760 | Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin | Third Party Advisory | |
cve@mitre.org | https://youtu.be/D45FN8QrzDo | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-31760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electronicbots/CVE-2021-31760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/D45FN8QrzDo | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin\u0027s running process feature." }, { "lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para lograr una Ejecuci\u00f3n de Comandos Remota (RCE) por medio de la funcionalidad Webmin\u0027s running process" } ], "id": "CVE-2021-31760", "lastModified": "2024-11-21T06:06:11.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-25T19:15:08.173", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-31760" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/D45FN8QrzDo" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/D45FN8QrzDo" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-07-04 02:29
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/bugtraq/2017/Jul/3 | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/99373 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1038814 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/bugtraq/2017/Jul/3 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/99373 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1038814 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "84CBDEDB-2FA2-47C2-BC5C-8AAFBC2ECAB7", "versionEndIncluding": "1.840", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Webmin anterior a la versi\u00f3n 1.850, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro sec en el archivo view_man.cgi, el par\u00e1metro referers en el archivo change_referers.cgi, o el par\u00e1metro name en el archivo save_user.cgi. NOTA: estos problemas no fueron corregidos en la versi\u00f3n 1.840." 
} ], "id": "CVE-2017-9313", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-04T02:29:00.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99373" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038814" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 01:15
Modified
2024-11-21 08:20
Severity ?
Summary
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funci\u00f3n de Usermin Configuration de Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo Custom." } ], "id": "CVE-2023-40986", "lastModified": "2024-11-21T08:20:22.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T01:15:07.910", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code." } ], "id": "CVE-2023-38306", "lastModified": "2024-11-21T08:13:17.380", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=108697184602191&w=2 | ||
cve@mitre.org | http://www.debian.org/security/2004/dsa-526 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | ||
cve@mitre.org | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html | ||
cve@mitre.org | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | ||
cve@mitre.org | http://www.securityfocus.com/bid/10474 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/10522 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/changes-1.150.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16333 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108697184602191&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-526 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10474 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10522 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.150.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16333 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module." }, { "lang": "es", "value": "Vulnerabilidad desconocidad en Webmin 1.140 permite a atacantes remotos saltarse reglas de control de acceso y conseguir acceso de lectura a informaci\u00f3n de configuraci\u00f3n de un m\u00f3dulo." } ], "id": "CVE-2004-0582", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "source": "cve@mitre.org", "url": 
"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10522" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-21 20:15
Modified
2024-11-21 05:27
Severity ?
Summary
Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.exploit-db.com/exploits/49318 | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.webmin.com/download.html | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/49318 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/download.html | Product |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C8B8FAE-EA82-4465-9186-6ECE6C031521", "versionEndIncluding": "1.962", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840." }, { "lang": "es", "value": "Una ejecuci\u00f3n de comandos arbitraria puede ocurrir en Webmin versiones hasta 1.962.\u0026#xa0;Cualquier usuario autorizado para el m\u00f3dulo Package Updates puede ejecutar comandos arbitrarios con privilegios root por medio de vectores que involucran %0A y %0C.\u0026#xa0;NOTA: este problema se presenta debido a una correcci\u00f3n incompleta para el CVE-2019-12840" } ], "id": "CVE-2020-35606", "lastModified": "2024-11-21T05:27:41.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-21T20:15:12.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/49318" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.webmin.com/download.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/49318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.webmin.com/download.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/12488/ | Patch | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch | |
cve@mitre.org | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/11122 | Exploit, Patch | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12488/ | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11122 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": 
"6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message." 
} ], "id": "CVE-2004-1468", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11122" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-03-21 16:00
Modified
2024-11-21 03:57
Severity ?
Summary
Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.webmin.com/index.html | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/index.html | Product |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.890:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C06D5-4D9A-47A2-8540-0FBE5503770A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter." }, { "lang": "es", "value": "Webmin 1.890 tiene Cross-Site Scripting (XSS) mediante /config.cgi?webmin, el par\u00e1metro history en /shell/index.cgi, /shell/index.cgi?stripped=1 o los par\u00e1metros uall o mall en /webminlog/search.cgi." } ], "id": "CVE-2018-19191", "lastModified": "2024-11-21T03:57:30.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:30.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://www.webmin.com/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://www.webmin.com/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2001-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html | Vendor Advisory | |
cve@mitre.org | http://www.securiteam.com/unixfocus/6R00M0K2UC.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/unixfocus/6R00M0K2UC.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands." } ], "id": "CVE-2001-1530", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-03-16 14:06
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://seclists.org/fulldisclosure/2014/Mar/274 | Exploit | |
cret@cert.org | http://www-01.ibm.com/support/docview.wss?uid=swg21679713 | ||
cret@cert.org | http://www.kb.cert.org/vuls/id/381692 | US Government Resource | |
cret@cert.org | http://www.securityfocus.com/bid/66248 | Exploit | |
cret@cert.org | http://www.webmin.com/changes.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Mar/274 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www-01.ibm.com/support/docview.wss?uid=swg21679713 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/381692 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/66248 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0BF214-8325-44C1-88F1-722E50F04A72", "versionEndIncluding": "1.670", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*", "matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*", "matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*", "matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*", "matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*", "matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*", "matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en view.cgi en Webmin anterior a 1.680 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro search." 
} ], "id": "CVE-2014-0339", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-16T14:06:45.147", "references": [ { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "source": "cret@cert.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/66248" }, { "source": "cret@cert.org", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/66248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html | ||
cve@mitre.org | http://www.iss.net/security_center/static/9983.php | ||
cve@mitre.org | http://www.securiteam.com/unixfocus/5CP0R1P80G.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/5591 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9983.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securiteam.com/unixfocus/5CP0R1P80G.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/5591 | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.950 | |
webmin | webmin | 0.960 | |
webmin | webmin | 0.970 | |
webmin | webmin | 0.980 | |
webmin | webmin | 0.990 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." 
} ], "id": "CVE-2002-2360", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9983.php" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/5591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9983.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/5591" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-05-15 03:15
Modified
2024-11-21 07:03
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/esp0xdeadbeef/rce_webmin | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/authentic-theme/releases | Release Notes, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/issues/1635 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/releases | Release Notes, Third Party Advisory | |
cve@mitre.org | https://webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | https://www.twitch.tv/videos/1483029790 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/esp0xdeadbeef/rce_webmin | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/authentic-theme/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/issues/1635 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/releases | Release Notes, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.twitch.tv/videos/1483029790 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E66E77-42F1-435A-A63C-00C63E08F2AF", "versionEndIncluding": "1.991", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter." }, { "lang": "es", "value": "Webmin versiones hasta 1.991, cuando es usado el tema Authentic, permite una ejecuci\u00f3n de c\u00f3digo remota cuando un usuario ha sido creado manualmente (es decir, no ha sido creado en Virtualmin o Cloudmin). Esto ocurre porque settings-editor_write.cgi no restringe apropiadamente el par\u00e1metro de archivo" } ], "id": "CVE-2022-30708", "lastModified": "2024-11-21T07:03:13.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, 
"impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-15T03:15:07.060", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/releases" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.twitch.tv/videos/1483029790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.twitch.tv/videos/1483029790" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-09-04 23:15
Modified
2024-09-05 21:35
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cispa.de/en/loop-dos | Technical Description | |
cve@mitre.org | https://webmin.com | Product | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2024/09/04/1 | Mailing List |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
virtualmin | virtualmin | * | |
webmin | webmin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtualmin:virtualmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A24DE54E-A013-48BE-BCEE-2BA5B787935F", "versionEndExcluding": "7.20.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "514CA70F-98FB-4640-A7CD-EFB0EF9D9C7A", "versionEndExcluding": "2.202", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000." }, { "lang": "es", "value": "Webmin anterior a 2.202 y Virtualmin anterior a 7.20.2 permiten un bucle de tr\u00e1fico de red a trav\u00e9s de paquetes UDP falsificados en el puerto 10000." } ], "id": "CVE-2024-45692", "lastModified": "2024-09-05T21:35:14.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-09-04T23:15:12.887", "references": [ { "source": "cve@mitre.org", "tags": [ "Technical Description" ], "url": 
"https://cispa.de/en/loop-dos" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.openwall.com/lists/oss-security/2024/09/04/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/9036.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/4694 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9036.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4694 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en la p\u00e1gina de autenticaci\u00f3n de:\r\n\r\n Webmin 0.96\r\n Usermin 0.90\r\n\r\nque permite a atacantes remotos la inserci\u00f3n de c\u00f3digo en una p\u00e1gina de error y posiblemente el robo de cookies." } ], "id": "CVE-2002-0756", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4694" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 22:29
Modified
2025-04-20 01:37
Severity ?
Summary
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an attacker can execute arbitrary commands.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A946EA8C-A37B-497C-96F0-68F5AD312139", "versionEndIncluding": "1.850", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/\u0026cmd= in the URI, an attacker to execute arbitrary commands." }, { "lang": "es", "value": "Existe CSRF en Webmin 1.850. Enviando una petici\u00f3n GET a at/create_job.cgi que contenga dir=/cmd= en la URI, un atacante puede ejecutar comandos arbitrarios." } ], "id": "CVE-2017-15645", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T22:29:00.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-05-30 14:55
Modified
2025-04-12 10:46
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/58917 | ||
cve@mitre.org | http://secunia.com/advisories/58919 | ||
cve@mitre.org | http://www.securityfocus.com/bid/67647 | ||
cve@mitre.org | http://www.securityfocus.com/bid/67649 | ||
cve@mitre.org | http://www.securitytracker.com/id/1030296 | ||
cve@mitre.org | http://www.securitytracker.com/id/1030297 | ||
cve@mitre.org | http://www.webmin.com/changes.html | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/uchanges.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58917 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/58919 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67647 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/67649 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030296 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1030297 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:userwin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F24BAA2-855C-47B7-8660-94320F4F9351", "versionEndIncluding": "1.590", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA", "versionEndIncluding": "1.680", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Webmin anterior a 1.690 y Usermin anterior a 1.600 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con ventanas emergentes." } ], "id": "CVE-2014-3924", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-30T14:55:09.910", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58917" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58919" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67647" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67649" }, { "source": 
"cve@mitre.org", "url": "http://www.securitytracker.com/id/1030296" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030297" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2025-04-03 01:03
Summary
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I | ||
cve@mitre.org | http://archives.neohapsis.com/archives/hp/2003-q1/0063.html | ||
cve@mitre.org | http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=104610245624895&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=104610300325629&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=104610336226274&w=2 | ||
cve@mitre.org | http://marc.info/?l=webmin-announce&m=104587858408101&w=2 | ||
cve@mitre.org | http://secunia.com/advisories/8115 | ||
cve@mitre.org | http://secunia.com/advisories/8163 | ||
cve@mitre.org | http://www.ciac.org/ciac/bulletins/n-058.shtml | ||
cve@mitre.org | http://www.debian.org/security/2003/dsa-319 | ||
cve@mitre.org | http://www.iss.net/security_center/static/11390.php | Vendor Advisory | |
cve@mitre.org | http://www.lac.co.jp/security/english/snsadv_e/62_e.html | ||
cve@mitre.org | http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2003:025 | ||
cve@mitre.org | http://www.securityfocus.com/bid/6915 | ||
cve@mitre.org | http://www.securitytracker.com/id?1006160 | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/hp/2003-q1/0063.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=104610245624895&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=104610300325629&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=104610336226274&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=webmin-announce&m=104587858408101&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/8115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/8163 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ciac.org/ciac/bulletins/n-058.shtml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2003/dsa-319 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/11390.php | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/english/snsadv_e/62_e.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2003:025 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/6915 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1006160 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
engardelinux | guardian_digital_webtool | 1.2 | |
usermin | usermin | 0.4 | |
usermin | usermin | 0.5 | |
usermin | usermin | 0.6 | |
usermin | usermin | 0.7 | |
usermin | usermin | 0.8 | |
usermin | usermin | 0.9 | |
usermin | usermin | 0.91 | |
usermin | usermin | 0.92 | |
usermin | usermin | 0.93 | |
usermin | usermin | 0.94 | |
usermin | usermin | 0.95 | |
usermin | usermin | 0.96 | |
usermin | usermin | 0.97 | |
usermin | usermin | 0.98 | |
usermin | usermin | 0.99 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.60 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "91EB3988-0BFD-4BE8-A170-A99A32222540", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", 
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." }, { "lang": "es", "value": "miniserv.pl en Webmin anterior a 1.070 y Usermin antes de 1.000 no maneja adecuadamente metacaract\u00e9res como avance de l\u00ednea y retorno de carro (CRLF) en cadenas codificadas en Base-64 durante la autenticaci\u00f3n b\u00e1sica, lo que permite a atacantes remotos suplantar un ID de sesi\u00f3n y ganar privilegios de root." 
} ], "id": "CVE-2003-0101", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8115" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8163" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-319" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { 
"source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6915" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2003/dsa-319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006160" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-09-15 01:15
Modified
2024-11-21 08:20
Summary
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar un script malicioso mediante la inyecci\u00f3n de un payload manipulado en el fichero Reemplazar en Resultados." } ], "id": "CVE-2023-40984", "lastModified": "2024-11-21T08:20:22.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T01:15:07.653", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-10-19 22:29
Modified
2025-04-20 01:37
Summary
SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A946EA8C-A37B-497C-96F0-68F5AD312139", "versionEndIncluding": "1.850", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000." }, { "lang": "es", "value": "Existe SSRF en Webmin 1.850 mediante PATH_INFO a tunnel/link.cgi, como se ha demostrado por una petici\u00f3n GET para tunnel/link.cgi/http://INTRANET-IP:8000." } ], "id": "CVE-2017-15644", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T22:29:00.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", 
"tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-09-05 23:04
Modified
2025-04-03 01:03
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://jvn.jp/jp/JVN%2399776858/index.html | Patch | |
cve@mitre.org | http://secunia.com/advisories/21690 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22087 | ||
cve@mitre.org | http://secunia.com/advisories/22114 | ||
cve@mitre.org | http://secunia.com/advisories/22556 | ||
cve@mitre.org | http://securitytracker.com/id?1016776 | ||
cve@mitre.org | http://securitytracker.com/id?1016777 | ||
cve@mitre.org | http://webmin.com/security.html | Patch | |
cve@mitre.org | http://www.debian.org/security/2006/dsa-1199 | ||
cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 | ||
cve@mitre.org | http://www.osvdb.org/28337 | ||
cve@mitre.org | http://www.osvdb.org/28338 | ||
cve@mitre.org | http://www.securityfocus.com/bid/19820 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3424 | Vendor Advisory | |
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2399776858/index.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21690 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22087 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22114 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016776 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016777 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com/security.html | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28337 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28338 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19820 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3424 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | * | |
usermin | usermin | 0.4 | |
usermin | usermin | 0.5 | |
usermin | usermin | 0.6 | |
usermin | usermin | 0.7 | |
usermin | usermin | 0.8 | |
usermin | usermin | 0.9 | |
usermin | usermin | 0.91 | |
usermin | usermin | 0.92 | |
usermin | usermin | 0.93 | |
usermin | usermin | 0.94 | |
usermin | usermin | 0.95 | |
usermin | usermin | 0.96 | |
usermin | usermin | 0.97 | |
usermin | usermin | 0.98 | |
usermin | usermin | 0.99 | |
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
usermin | usermin | 1.090 | |
usermin | usermin | 1.100 | |
usermin | usermin | 1.110 | |
usermin | usermin | 1.120 | |
usermin | usermin | 1.130 | |
usermin | usermin | 1.140 | |
usermin | usermin | 1.150 | |
usermin | usermin | 1.210 | |
webmin | webmin | * | |
webmin | webmin | 0.1 | |
webmin | webmin | 0.2 | |
webmin | webmin | 0.3 | |
webmin | webmin | 0.4 | |
webmin | webmin | 0.5 | |
webmin | webmin | 0.6 | |
webmin | webmin | 0.7 | |
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.83 | |
webmin | webmin | 0.84 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.90 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.92.1 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.95 | |
webmin | webmin | 0.96 | |
webmin | webmin | 0.97 | |
webmin | webmin | 0.98 | |
webmin | webmin | 0.99 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.10 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.30 | |
webmin | webmin | 1.0.40 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.51 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.20 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 | |
webmin | webmin | 1.2.20 | |
webmin | webmin | 1.2.30 | |
webmin | webmin | 1.2.40 | |
webmin | webmin | 1.2.50 | |
webmin | webmin | 1.2.60 | |
webmin | webmin | 1.2.70 | |
webmin | webmin | 1.2.80 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "876EE957-11A6-4B93-9EE5-820FD954324F", "versionEndIncluding": "1.220", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", 
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*", "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "63F9D04D-D42B-47E1-B63A-BD7C943EB03D", "versionEndIncluding": "1.2.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs." }, { "lang": "es", "value": "Webmin anterior a 1.296 y Usermin anterior a 1.226 no dirigidas adecuadamente una URL con un caracter nulo (\"%00\"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el c\u00f3digo fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nWebmin, Webmin, 1.296\r\nUsermin, Usermin, 1.226", "id": "CVE-2006-4542", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-05T23:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21690" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22087" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22114" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22556" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016776" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016777" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://webmin.com/security.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28337" }, { "source": "cve@mitre.org", 
"url": "http://www.osvdb.org/28338" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19820" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
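CVE-2002-1672
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity
LOW (CVSS v2 base score 2.1, vector AV:L/AC:L/Au:N/C:P/I:N/A:N; taken from the NVD metrics in the record below)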
Summary
Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user's cookie-based authentication credentials and possibly hijack the root user's session using the credentials.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/263181 | ||
cve@mitre.org | http://www.securityfocus.com/bid/4328 | Patch | |
cve@mitre.org | http://www.webmin.com/changes.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/8595 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/263181 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4328 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/8595 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user\u0027s cookie-based authentication credentials and possibly hijack the root user\u0027s session using the credentials." } ], "id": "CVE-2002-1672", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/4328" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/4328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
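CVE-2023-38311
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity
MEDIUM (CVSS v3.1 base score 5.4, vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; taken from the NVD metrics in the record below)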
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page." } ], "id": "CVE-2023-38311", "lastModified": "2024-11-21T08:13:18.150", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.963", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-01-05 19:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/37648 | Vendor Advisory | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 | ||
cve@mitre.org | http://www.securityfocus.com/bid/37259 | Patch | |
cve@mitre.org | http://www.vupen.com/english/advisories/2009/3457 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37648 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/37259 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3457 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Patch, Vendor Advisory |
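Impacted products
Note: the `*` rows are bounded version ranges, not "all versions". For usermin, the CPE data in the record below sets versionEndIncluding to 1.32, which does not obviously line up with the summary's "Usermin before 1.430". Confirm the fixed release against the vendor advisory (http://www.webmin.com/security.html) rather than relying on the CPE range alone.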
Vendor | Product | Version | |
---|---|---|---|
webmin | usermin | * | |
webmin | usermin | 0.4 | |
webmin | usermin | 0.5 | |
webmin | usermin | 0.6 | |
webmin | usermin | 0.7 | |
webmin | usermin | 0.8 | |
webmin | usermin | 0.9 | |
webmin | usermin | 0.91 | |
webmin | usermin | 0.92 | |
webmin | usermin | 0.93 | |
webmin | usermin | 0.94 | |
webmin | usermin | 0.95 | |
webmin | usermin | 0.96 | |
webmin | usermin | 0.97 | |
webmin | usermin | 0.98 | |
webmin | usermin | 0.99 | |
webmin | usermin | 1.000 | |
webmin | usermin | 1.3 | |
webmin | usermin | 1.010 | |
webmin | usermin | 1.020 | |
webmin | usermin | 1.030 | |
webmin | usermin | 1.040 | |
webmin | usermin | 1.051 | |
webmin | usermin | 1.060 | |
webmin | usermin | 1.070 | |
webmin | usermin | 1.080 | |
webmin | usermin | 1.090 | |
webmin | usermin | 1.100 | |
webmin | usermin | 1.110 | |
webmin | usermin | 1.120 | |
webmin | usermin | 1.130 | |
webmin | usermin | 1.140 | |
webmin | usermin | 1.150 | |
webmin | usermin | 1.210 | |
webmin | usermin | 1.220 | |
webmin | usermin | 1.230 | |
webmin | usermin | 1.240 | |
webmin | usermin | 1.250 | |
webmin | usermin | 1.260 | |
webmin | usermin | 1.270 | |
webmin | usermin | 1.280 | |
webmin | webmin | * | |
webmin | webmin | 0.1 | |
webmin | webmin | 0.2 | |
webmin | webmin | 0.3 | |
webmin | webmin | 0.4 | |
webmin | webmin | 0.5 | |
webmin | webmin | 0.6 | |
webmin | webmin | 0.7 | |
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.83 | |
webmin | webmin | 0.84 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.90 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.92.1 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.95 | |
webmin | webmin | 0.96 | |
webmin | webmin | 0.97 | |
webmin | webmin | 0.98 | |
webmin | webmin | 0.99 | |
webmin | webmin | 0.950 | |
webmin | webmin | 0.960 | |
webmin | webmin | 0.970 | |
webmin | webmin | 0.980 | |
webmin | webmin | 0.990 | |
webmin | webmin | 1.0.10 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.30 | |
webmin | webmin | 1.0.40 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.51 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.20 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 | |
webmin | webmin | 1.1.60 | |
webmin | webmin | 1.2.20 | |
webmin | webmin | 1.2.30 | |
webmin | webmin | 1.2.40 | |
webmin | webmin | 1.2.50 | |
webmin | webmin | 1.2.60 | |
webmin | webmin | 1.2.70 | |
webmin | webmin | 1.2.80 | |
webmin | webmin | 1.2.90 | |
webmin | webmin | 1.3.20 | |
webmin | webmin | 1.3.30 | |
webmin | webmin | 1.335 | |
webmin | webmin | 1.336 | |
webmin | webmin | 1.337 | |
webmin | webmin | 1.340 | |
webmin | webmin | 1.343 | |
webmin | webmin | 1.360 | |
webmin | webmin | 1.370 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3175C6B-A8BC-478B-A86B-D67DF656777C", "versionEndIncluding": "1.32", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3046F962-BD9C-4E67-B2A8-9664440317A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A83F4A87-03D8-461B-B64A-81E171C88119", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E777B661-B6A5-4033-85BA-4B17A7FDF905", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "866EC157-2F84-4382-B081-AB7BF9D5B649", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4DB1944-7DD9-480E-9479-69DC284F8A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "842A041C-7252-49BF-AF8C-57CD61D875C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "BACD9446-5C6C-486F-AA95-C89435BD24B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "DBF2E55D-D1A5-4CB0-99AB-3FBAA16E79B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "D1EA5D74-C150-479E-8A8B-4E1251A04895", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "5783CE2F-D0AD-4871-BD4E-31DE40887F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "94611B8F-EFD0-47DD-8F96-37A74FFA7E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "A8AB5C49-4D3E-4A71-82CC-6866D7113671", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": 
"A9F3973E-03E5-416F-9B88-61CDB51B9E3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "560E8A6D-93B8-4252-ACE2-7BA9AE97A97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "3A282895-E367-4445-84B9-07BF204B5100", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "973363CE-6A66-4BAF-8C11-D9B4911BF9A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "74E28AB1-D60A-4CFC-9133-552B7AA12D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "20B5FDD4-AD31-4985-97E2-179C0F6A6525", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "0C3551D4-9B28-4A29-9C30-D91C5D81F195", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "8EEF1E3D-F633-4594-8E65-6AB0B941E95A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "D32B0E0C-B72B-4F3D-ABAC-BBA5A6E242ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "70AC0911-928C-4087-9EA8-BF0CB25BDD56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "35B34A95-A9D1-454D-AE3A-A68AE11A60AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "EDE9ABF8-331F-4268-8D2A-692BEC8F98DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "8BD93C56-DE08-4CAC-A345-7C40C2CB0598", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "F540CEF3-C21D-48E5-84AD-81CF7C62A948", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": 
"E554657F-DF48-41F9-A2F6-4C311C2AC99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "CA039A97-F28A-4216-B909-79EEBD8A6FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.120:*:*:*:*:*:*:*", "matchCriteriaId": "75B0C24B-7A62-4157-8CA8-5FA800F67C33", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "F3652F8E-A163-4337-BAE0-210757FC421D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "87E84FE0-ACF0-43D9-ACC2-D662D5488B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "83419D0A-7C03-4F3E-9A95-25BA299D5961", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "72D4AAAF-A284-4FD9-B011-C822ED2DBAC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "490DBC72-DADD-491E-AC18-4D4C178ABECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "A455B1DC-03F9-4338-9BD5-9184434F7AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "36C87163-EBC2-47DC-9865-9455CF066DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "EDBED527-4698-44DC-8DFE-E107702C2D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "15CFE78E-22EB-47B1-9BD3-0A093645304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "D8CAB5C2-2F68-46F6-BF7D-12AEEB03BF66", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.280:*:*:*:*:*:*:*", "matchCriteriaId": "A5E20E3B-AC6A-4059-9C49-9AF4FADDFF30", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"E7664DA2-5AC8-4A10-A7E9-4EA9AF5ABAEF", "versionEndIncluding": "1.390", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": 
"F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": 
"82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": 
"BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.60:*:*:*:*:*:*:*", 
"matchCriteriaId": "53663534-8617-47D7-B4B7-A6C0D6168E86", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "BFA35DAA-1DC2-41D2-ADC7-F922FA658CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.3.30:*:*:*:*:*:*:*", "matchCriteriaId": "727B060B-7600-4AD4-B66E-1A559B6EDA2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.335:*:*:*:*:*:*:*", "matchCriteriaId": "7E3FF2E4-F2EF-43E7-911A-7744C4206216", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.336:*:*:*:*:*:*:*", "matchCriteriaId": "09557B9C-3813-4466-995C-9FE3DC86B284", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.337:*:*:*:*:*:*:*", "matchCriteriaId": "215FE3BC-30AB-40DD-A9F9-13E8F1F25CC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.340:*:*:*:*:*:*:*", 
"matchCriteriaId": "85A8F9EA-7A8D-4BA9-9732-DE93388800A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.343:*:*:*:*:*:*:*", "matchCriteriaId": "4272E132-D632-4E88-BB68-BBA15FA68546", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.360:*:*:*:*:*:*:*", "matchCriteriaId": "080FCFDE-557E-4D35-8701-96AC28381ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin anterior a 1.500 y Usermin anterior a 1.430, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2009-4568", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-05T19:00:00.340", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37648" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37259" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3457" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-06-15 20:29
Modified
2024-11-21 04:23
Summary
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/108790 | ||
cve@mitre.org | https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/46984 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/108790 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46984 | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDB6D9F-DA56-4C11-83F8-179943001437", "versionEndIncluding": "1.910", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Webmin through 1.910, any user authorized to the \"Package Updates\" module can execute arbitrary commands with root privileges via the data parameter to update.cgi." }, { "lang": "es", "value": "En Webmin hasta la versi\u00f3n 1.910, cualquier usuario autorizado al m\u00f3dulo \u201cPackage Updates\u201d puede ejecutar un comando arbitrario con privilegios root a trav\u00e9s de el par\u00e1metro data para update.cgi." } ], "id": "CVE-2019-12840", "lastModified": "2024-11-21T04:23:41.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-15T20:29:00.287", "references": [ { "source": "cve@mitre.org", "url": 
"http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/108790" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://securitytracker.com/id?1013723 | Patch | |
cve@mitre.org | http://www.webmin.com/changes.html | ||
cve@mitre.org | http://www.webmin.com/uchanges.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013723 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 0.4 | |
usermin | usermin | 0.5 | |
usermin | usermin | 0.6 | |
usermin | usermin | 0.7 | |
usermin | usermin | 0.8 | |
usermin | usermin | 0.9 | |
usermin | usermin | 0.91 | |
usermin | usermin | 0.92 | |
usermin | usermin | 0.93 | |
usermin | usermin | 0.94 | |
usermin | usermin | 0.95 | |
usermin | usermin | 0.96 | |
usermin | usermin | 0.97 | |
usermin | usermin | 0.98 | |
usermin | usermin | 0.99 | |
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
usermin | usermin | 1.090 | |
usermin | usermin | 1.100 | |
usermin | usermin | 1.110 | |
usermin | usermin | 1.120 | |
usermin | usermin | 1.130 | |
usermin | usermin | 1.140 | |
webmin | webmin | 0.4 | |
webmin | webmin | 0.5 | |
webmin | webmin | 0.6 | |
webmin | webmin | 0.7 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.90 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.95 | |
webmin | webmin | 0.96 | |
webmin | webmin | 0.97 | |
webmin | webmin | 0.98 | |
webmin | webmin | 0.99 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.10 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.30 | |
webmin | webmin | 1.0.40 | |
webmin | webmin | 1.0.51 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.20 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": 
"BB1A2A26-1187-46BE-8EFC-F3C325679245", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*", 
"matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": 
"C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": 
"7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact." } ], "id": "CVE-2005-1177", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013723" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/uchanges.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/uchanges.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2004-0559
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2025-04-03 01:03
Severity
LOW (CVSS v2.0 base score 2.1, vector AV:L/AC:L/Au:N/C:N/I:P/A:N; source nvd@nist.gov)
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/12488/ | Patch, Vendor Advisory | |
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/11153 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/uchanges-1.089.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12488/ | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11153 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges-1.089.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 | |
mandrakesoft | mandrake_linux | 9.2 | |
mandrakesoft | mandrake_linux | 9.2 (amd64) | |
mandrakesoft | mandrake_linux | 10.0 | |
mandrakesoft | mandrake_linux | 10.0 (amd64) | |
mandrakesoft | mandrake_linux_corporate_server | 2.1 | |
mandrakesoft | mandrake_linux_corporate_server | 2.1 (x86_64) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": 
"6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*", "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." }, { "lang": "es", "value": "El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n durante la instalaci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el directorio /tmp/.usermin" } ], "id": "CVE-2004-0559", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11153" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/uchanges-1.089.html" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/uchanges-1.089.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2002-0757
Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity
HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
Summary
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/271466 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/9037.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/4700 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/271466 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9037.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4700 | Patch, Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations." 
}, { "lang": "es", "value": "Webmin 0.96 y Usermin 0.90 con tiempo de espera para contrase\u00f1as habilitado, permite a atacantes locales y posiblemente a remotos, evitar la autenticaci\u00f3n y obtener privilegios mediante ciertos caracteres de control en la informaci\u00f3n de autenticaci\u00f3n, que podr\u00eda forzar a Webmin o Usermin a aceptar combinaciones arbitrarias de usuario/sesi\u00f3n (username/session ID)." } ], "id": "CVE-2002-0757", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/271466" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/271466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4700" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2015-1377
Vulnerability from fkie_nvd
Published
2015-02-10 20:59
Modified
2025-04-12 10:46
Severity
MEDIUM (CVSS v2.0 base score 4.9, vector AV:L/AC:L/Au:N/C:C/I:N/A:N; source nvd@nist.gov)
Summary
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://secunia.com/advisories/62157 | ||
cve@mitre.org | http://www.webmin.com/changes.html | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/62157 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "26FF850C-FCA7-48C3-9C10-A33F79EC9B3D", "versionEndIncluding": "1.720", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file." }, { "lang": "es", "value": "El m\u00f3dulo Read Mail en Webmin 1.720 permite a usuarios locales leer ficheros arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero no especificado." } ], "id": "CVE-2015-1377", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-10T20:59:03.217", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62157" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2019-9624
Vulnerability from fkie_nvd
Published
2019-03-07 05:29
Modified
2024-11-21 04:51
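Severity
HIGH (CVSS v3.0 base score 7.8, vector CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; source nvd@nist.gov)
MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; source nvd@nist.gov)
The two vectors differ on attack vector: NETWORK in v2.0, LOCAL in v3.0.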
Summary
Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec | Third Party Advisory | |
cve@mitre.org | https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/46201 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46201 | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.900:*:*:*:*:*:*:*", "matchCriteriaId": "5CFDA9D0-AACA-4E88-9C05-B1E6195AF408", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the \"Java file manager\" and \"Upload and Download\" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI." }, { "lang": "es", "value": "Webmin 1.900 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario, aprovechando los privilegios \"Java file manager\" y \"Upload and Download\" para subir un archivo .cgi manipulado mediante el URI /updown/upload.cgi." } ], "id": "CVE-2019-9624", "lastModified": "2024-11-21T04:51:59.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-07T05:29:01.410", "references": [ { "source": "cve@mitre.org", "tags": [ "Third 
Party Advisory" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46201" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2020-12670
Vulnerability from fkie_nvd
Published
2020-10-12 16:15
Modified
2024-11-21 05:00
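Severity
MEDIUM (CVSS v3.1 base score 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; source nvd@nist.gov)
MEDIUM (CVSS v2.0 base score 4.3, vector AV:N/AC:M/Au:N/C:N/I:P/A:N; source nvd@nist.gov)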
Summary
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo XSS en Webmin versiones 1.941 y anteriores, afectando a la funci\u00f3n Save del Endpoint Read User Email Module / mailboxes cuando se intenta guardar correos electr\u00f3nicos HTML.\u0026#xa0;Este m\u00f3dulo analiza cualquier salida sin sanear los elementos SCRIPT, a diferencia de la funci\u00f3n View, que sanea la entrada correctamente.\u0026#xa0;Un usuario malicioso puede enviar cualquier carga \u00fatil de JavaScript al cuerpo del mensaje y ejecutarlo si el usuario decide guardar ese correo electr\u00f3nico" } ], "id": "CVE-2020-12670", "lastModified": "2024-11-21T05:00:02.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { 
"cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T16:15:12.437", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-40983
Vulnerability from fkie_nvd
Published
2023-09-15 04:15
Modified
2024-11-21 08:20
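Severity
MEDIUM (CVSS v3.1 base score 6.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N; source nvd@nist.gov)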
Summary
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file." }, { "lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar secuencias de comandos maliciosas mediante la inyecci\u00f3n de un payload preparado en el archivo Buscar en Resultados." } ], "id": "CVE-2023-40983", "lastModified": "2024-11-21T08:20:22.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T04:15:10.243", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2018-8712
Vulnerability from fkie_nvd
Published
2018-03-14 19:29
Modified
2024-11-21 04:14
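Severity
CRITICAL (CVSS v3.0 base score 9.8, vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; source nvd@nist.gov)
MEDIUM (CVSS v2.0 base score 5.0, vector AV:N/AC:L/Au:N/C:P/I:N/A:N; source nvd@nist.gov)
The two vectors differ on impact: v2.0 records partial confidentiality impact only, v3.0 records high confidentiality, integrity and availability impact.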
Summary
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/ | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/ | Issue Tracking |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.840:*:*:*:*:*:*:*", "matchCriteriaId": "8C90E884-CC69-40BD-928D-22CB3912CE1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.880:*:*:*:*:*:*:*", "matchCriteriaId": "582E63F5-FB43-41C0-9022-FBBEAE5BAA63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of \"Can view any file as a log file\" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the \u0027/etc/shadow\u0027 file via a \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\" request." }, { "lang": "es", "value": "Se ha descubierto un problema en Webmin 1.840 y 1.880 cuando est\u00e1 habilitada la opci\u00f3n por defecto Yes de \"Can view any file as a log file\". Como resultado de las opciones de configuraci\u00f3n por defecto d\u00e9biles, los usuarios limitados tienen acceso total a los archivos del sistema Unix subyacentes. Esto permite que el usuario lea datos sensibles del sistema local (empleando Local File Include) tales como el archivo \"/etc/shadow\" mediante una petici\u00f3n \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\"."
} ], "id": "CVE-2018-8712", "lastModified": "2024-11-21T04:14:11.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-14T19:29:00.830", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-10-12 16:15
Modified
2024-11-21 05:39
Severity ?
Summary
An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo XSS en Webmin versiones 1.941 y anteriores, afectando al Endpoint Cluster Shell Commands. Un usuario puede ingresar cualquier Carga \u00datil XSS en el campo Command y ejecutarlo. Luego, despu\u00e9s de volver a visitar al Men\u00fa de Cluster Shell Commands, la carga \u00fatil de tipo XSS ser\u00e1 renderizada y ejecutada" } ], "id": "CVE-2020-8820", "lastModified": "2024-11-21T05:39:30.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T16:15:12.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-07-31 15:15
Modified
2024-11-21 08:13
Severity ?
Summary
An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group." } ], "id": "CVE-2023-38304", "lastModified": "2024-11-21T08:13:17.080", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32160 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32160 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versi\u00f3n 1.973, mediante la funcionalidad Add Users" } ], "id": "CVE-2021-32160", "lastModified": "2024-11-21T06:06:53.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-32160" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-03-02 12:15
Modified
2024-11-21 06:39
Severity ?
Summary
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
References
Source | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e | Exploit, Third Party Advisory | |
security@huntr.dev | https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBB705F-B54E-4537-A487-7BA0B97FC389", "versionEndExcluding": "1.990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authorization in GitHub repository webmin/webmin prior to 1.990." }, { "lang": "es", "value": "Una Autorizaci\u00f3n Inapropiada en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990" } ], "id": "CVE-2022-0829", "lastModified": "2024-11-21T06:39:28.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-02T12:15:07.847", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2020-12-29 06:15
Modified
2024-11-21 05:28
Severity ?
Summary
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6 | Patch, Third Party Advisory | |
cve@mitre.org | https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.962:*:*:*:*:*:*:*", "matchCriteriaId": "89E73E98-9324-4DC9-8A7E-4A06D8C3A686", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program." }, { "lang": "es", "value": "El archivo miniserv.pl en Webmin versi\u00f3n 1.962 en Windows, maneja inapropiadamente unos caracteres especiales en los argumentos de consulta para el programa CGI" } ], "id": "CVE-2020-35769", "lastModified": "2024-11-21T05:28:02.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-29T06:15:13.773", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2002-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc | ||
cve@mitre.org | http://www.iss.net/security_center/static/10052.php | ||
cve@mitre.org | http://www.webmin.com/updates.html | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/10052.php | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/updates.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F52798C-8D7B-46CD-A27A-E4378C631568", "versionEndIncluding": "0.99", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." } ], "id": "CVE-2002-2201", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10052.php" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10052.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/updates.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2019-08-16 03:15
Modified
2025-03-14 17:50
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
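An issue was discovered in Webmin <=1.920. The parameter old in password_change.cgi contains a command injection vulnerability. The NVD record below also carries CISA exploited-vulnerability fields (cisaExploitAdd 2022-03-25, cisaActionDue 2022-04-15, required action "Apply updates per vendor instructions."), so installations at or below 1.920 should be treated as a patching priority.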
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection | Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/47230 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/47230 | Exploit, Third Party Advisory, VDB Entry |
{ "cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Webmin Command Injection Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0662557D-EC4E-4850-BC78-AA3A5B67CAE8", "versionEndIncluding": "1.920", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin \u003c=1.920. The parameter old in password_change.cgi contains a command injection vulnerability." }, { "lang": "es", "value": "Se ha detectado un problema en Webmin menor o igual a la versi\u00f3n 1.920. El par\u00e1metro old en password_change.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos." } ], "id": "CVE-2019-15107", "lastModified": "2025-03-14T17:50:48.763", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" 
}, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2019-08-16T03:15:11.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/47230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" 
], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/47230" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32156 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32156 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo cross-site request forgery (CSRF) en Webmin versi\u00f3n 1.973, por medio de la funcionalidad Scheduled Cron Jobs" } ], "id": "CVE-2021-32156", "lastModified": "2024-11-21T06:06:52.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2022-07-27 04:15
Modified
2024-11-21 07:13
Severity ?
Summary
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AEB62A-F2B3-442F-8FE7-B649173A0236", "versionEndIncluding": "1.850", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.995:*:*:*:*:*:*:*", "matchCriteriaId": "720EE395-A946-4F86-892D-EFB3D3A4A0AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message." }, { "lang": "es", "value": "El m\u00f3dulo Read Mail de Webmin 1.995 y Usermin hasta 1.850 permite un ataque de tipo XSS por medio de un mensaje de correo electr\u00f3nico HTML dise\u00f1ado" } ], "id": "CVE-2022-36880", "lastModified": "2024-11-21T07:13:58.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-27T04:15:10.837", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-07-10 07:15
Modified
2025-03-13 15:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN81442045/ | Third Party Advisory | |
vultures@jpcert.or.jp | https://webmin.com/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN81442045/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/ | Product |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "681492C6-0496-4F86-9D53-EA041BDEDE55", "versionEndExcluding": "1.910", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted." }, { "lang": "es", "value": "Existe una vulnerabilidad de Cross Site Scripting en sysinfo.cgi de versiones de Webmin anteriores a la 1.910. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio web utilizando el producto. Como resultado, se puede obtener una ID de sesi\u00f3n, se puede modificar una p\u00e1gina web o se puede detener un servidor." 
} ], "id": "CVE-2024-36450", "lastModified": "2025-03-13T15:15:44.973", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-07-10T07:15:02.893", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN81442045/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Product" ], "url": "https://webmin.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN81442045/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://webmin.com/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2022-04-11 06:15
Modified
2024-11-21 06:06
Severity ?
Summary
A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32162 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32162 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versi\u00f3n 1.973, mediante la funcionalidad File Manager" } ], "id": "CVE-2021-32162", "lastModified": "2024-11-21T06:06:53.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.543", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-07-20 11:12
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.
References
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN49974594/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN49974594/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059 | Vendor Advisory |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA", "versionEndIncluding": "1.680", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*", "matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*", "matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*", "matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*", "matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*", "matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*", "matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.670:*:*:*:*:*:*:*", "matchCriteriaId": "AE07D5AE-0277-493F-8362-C09285A024E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Webmin anterior a 1.690 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados. NOTA: esto podr\u00eda solaparse con CVE-2014-3924." 
} ], "id": "CVE-2014-3885", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-20T11:12:50.480", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
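The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. Note: the product listing for this entry records the Webmin version as 1.1.40 rather than 1.140, so inventory matching against that listing should account for both spellings.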
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=108737059313829&w=2 | ||
cve@mitre.org | http://www.debian.org/security/2004/dsa-526 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | ||
cve@mitre.org | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html | ||
cve@mitre.org | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | ||
cve@mitre.org | http://www.securityfocus.com/bid/10474 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/10523 | Patch, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/changes-1.150.html | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16334 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108737059313829&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-526 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10474 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10523 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.150.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16334 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.070 | |
webmin | webmin | 1.1.40 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": 
"24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords." }, { "lang": "es", "value": "La funcionalidad lockout en (1)Webmin 1.140 y (2) Usermin 1.070 no process ciertas cadenas de caract\u00e9reis, lo que permite a atacanetes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contrase\u00f1as." } ], "id": "CVE-2004-0583", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" }, { 
"source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10523" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2006-07-06 20:05
Modified
2025-04-03 01:03
Severity ?
Summary
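Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. In other words, the path is normalized while it still contains the extra byte, so the traversal sequence only takes shape after the check has already run; path checks are reliable only when applied after the last decoding or filtering step. NOTE: This is a different issue than CVE-2006-3274.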
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://attrition.org/pipermail/vim/2006-July/000923.html | ||
cve@mitre.org | http://attrition.org/pipermail/vim/2006-June/000912.html | ||
cve@mitre.org | http://secunia.com/advisories/20892 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21105 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/21365 | Patch, Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/22556 | Vendor Advisory | |
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200608-11.xml | ||
cve@mitre.org | http://www.debian.org/security/2006/dsa-1199 | ||
cve@mitre.org | http://www.kb.cert.org/vuls/id/999601 | US Government Resource | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 | ||
cve@mitre.org | http://www.osvdb.org/26772 | Patch | |
cve@mitre.org | http://www.securityfocus.com/archive/1/439653/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/440125/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/440466/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/440493/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/18744 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2612 | Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/changes.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2006-July/000923.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2006-June/000912.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20892 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21105 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21365 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200608-11.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/999601 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26772 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/439653/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440125/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440466/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440493/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18744 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2612 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E", "versionEndIncluding": "1.210", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A061012-19EE-4A9E-9AFC-75DF24D316C5", "versionEndIncluding": "1.2.80", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." }, { "lang": "es", "value": "Las aplicaciones Webmin antes de su versi\u00f3n 1.290 y Usermin antes de la 1.220 llaman a la funci\u00f3n simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias \"..% 01\", evitando de esta manera la supresi\u00f3n del nombre de fichero de las secuencias \"../\" anteriores a octetos del estilo de \"%01\". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274." 
} ], "id": "CVE-2006-3392", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-06T20:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" }, { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20892" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21105" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21365" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26772" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18744" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }