Vulnerabilites related to usermin - usermin
Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
References
cve@mitre.orghttp://secunia.com/advisories/12488/Patch, Vendor Advisory
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200409-15.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/11153Patch, Vendor Advisory
cve@mitre.orghttp://www.webmin.com/uchanges-1.089.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17299
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12488/Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200409-15.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11153Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/uchanges-1.089.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17299
Impacted products
Vendor Product Version
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
webmin webmin 1.0.00
webmin webmin 1.0.20
webmin webmin 1.0.50
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux 10.0
mandrakesoft mandrake_linux_corporate_server 2.1
mandrakesoft mandrake_linux_corporate_server 2.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
    },
    {
      "lang": "es",
      "value": "El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n durante la instalaci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el directorio /tmp/.usermin"
    }
  ],
  "id": "CVE-2004-0559",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges-1.089.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges-1.089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
References
cve@mitre.orghttp://online.securityfocus.com/archive/1/271466Exploit, Patch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/9037.phpPatch, Vendor Advisory
cve@mitre.orghttp://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.phpPatch
cve@mitre.orghttp://www.securityfocus.com/bid/4700Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://online.securityfocus.com/archive/1/271466Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9037.phpPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.phpPatch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/4700Patch, Vendor Advisory
Impacted products
Vendor Product Version
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.92.1
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."
    },
    {
      "lang": "es",
      "value": "Webmin 0.96 y Usermin 0.90 con tiempo de espera para contrase\u00f1as habilitado, permite a atacantes locales y posiblemente a remotos, evitar la autenticaci\u00f3n y obtener privilegios mediante ciertos caracteres de control en la informaci\u00f3n de autenticaci\u00f3n, que podr\u00eda forzar a Webmin o Usermin a aceptar combinaciones arbitrarias de usuario/sesi\u00f3n (username/session ID)."
    }
  ],
  "id": "CVE-2002-0757",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/271466"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9037.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/271466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9037.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4700"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
References
cve@mitre.orghttp://secunia.com/advisories/12488/Patch
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200409-15.xmlPatch
cve@mitre.orghttp://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html
cve@mitre.orghttp://www.securityfocus.com/bid/11122Exploit, Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/17293
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/12488/Patch
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200409-15.xmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11122Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/17293
Impacted products
Vendor Product Version
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
webmin webmin 1.0.00
webmin webmin 1.0.20
webmin webmin 1.0.50
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
    }
  ],
  "id": "CVE-2004-1468",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11122"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-09-19 18:07
Modified
2025-04-03 01:03
Severity ?
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
References
security@debian.orghttp://secunia.com/advisories/21968Vendor Advisory
security@debian.orghttp://secunia.com/advisories/21981Patch, Vendor Advisory
security@debian.orghttp://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894Patch
security@debian.orghttp://www.debian.org/security/2006/dsa-1177Patch
security@debian.orghttp://www.osreviews.net/reviews/admin/usermin
security@debian.orghttp://www.securityfocus.com/bid/18574Patch
security@debian.orghttp://www.vupen.com/english/advisories/2006/3668
security@debian.orghttp://www.webmin.com/uchanges.htmlPatch
security@debian.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/29010
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21968Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21981Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894Patch
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1177Patch
af854a3a-2127-422b-91ae-364da2661108http://www.osreviews.net/reviews/admin/usermin
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18574Patch
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3668
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/uchanges.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
Impacted products
Vendor Product Version
usermin usermin *
usermin usermin 0.4
usermin usermin 0.5
usermin usermin 0.6
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
usermin usermin 0.91
usermin usermin 0.92
usermin usermin 0.93
usermin usermin 0.94
usermin usermin 0.95
usermin usermin 0.96
usermin usermin 0.97
usermin usermin 0.98
usermin usermin 0.99
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
usermin usermin 1.090
usermin usermin 1.100
usermin usermin 1.110
usermin usermin 1.120
usermin usermin 1.130
usermin usermin 1.140
usermin usermin 1.150


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E",
              "versionEndIncluding": "1.210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
    },
    {
      "lang": "es",
      "value": "Usermin anterior a 1.220 (20060629) permite a atacantes remotos leer ficheros de su elecci\u00f3n, posiblemente relacionado con que chfn/save.cgi no est\u00e1 manejando adecuadamente un par\u00e1metro shell vac\u00edo, lo cual provoca un cambio al shell de root en vez de al shell del usuario especificado."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nWebmin, Usermin, 1.220",
  "id": "CVE-2006-4246",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-19T18:07:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21968"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21981"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1177"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.osreviews.net/reviews/admin/usermin"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18574"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.vupen.com/english/advisories/2006/3668"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osreviews.net/reviews/admin/usermin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-09-22 10:03
Modified
2025-04-03 01:03
Severity ?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2005-09/0257.htmlPatch, Vendor Advisory
cve@mitre.orghttp://jvn.jp/jp/JVN%2340940493/index.html
cve@mitre.orghttp://secunia.com/advisories/16858Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/17282
cve@mitre.orghttp://securityreason.com/securityalert/17
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
cve@mitre.orghttp://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2005:176
cve@mitre.orghttp://www.novell.com/linux/security/advisories/2005_24_sr.html
cve@mitre.orghttp://www.osvdb.org/19575
cve@mitre.orghttp://www.securityfocus.com/bid/14889
cve@mitre.orghttp://www.vupen.com/english/advisories/2005/1791
cve@mitre.orghttp://www.webmin.com/changes-1.230.htmlPatch
cve@mitre.orghttp://www.webmin.com/uchanges-1.160.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/jp/JVN%2340940493/index.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/16858Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/17282
af854a3a-2127-422b-91ae-364da2661108http://securityreason.com/securityalert/17
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2005:176
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2005_24_sr.html
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/19575
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/14889
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2005/1791
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/changes-1.230.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/uchanges-1.160.html
Impacted products
Vendor Product Version
usermin usermin 1.150
webmin webmin 1.2.20


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
    }
  ],
  "id": "CVE-2005-3042",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-09-22T10:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/17"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/19575"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14889"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/1791"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/changes-1.230.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges-1.160.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/19575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/changes-1.230.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges-1.160.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-05 20:19
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
References
cve@mitre.orghttp://osvdb.org/33832
cve@mitre.orghttp://secunia.com/advisories/24321Vendor Advisory
cve@mitre.orghttp://www.securitytracker.com/id?1017711
cve@mitre.orghttp://www.vupen.com/english/advisories/2007/0780Vendor Advisory
cve@mitre.orghttp://www.webmin.com/changes-1.330.html
cve@mitre.orghttp://www.webmin.com/security.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/32725
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/33832
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/24321Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1017711
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/0780Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/changes-1.330.html
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/security.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/32725
Impacted products
Vendor Product Version
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
usermin usermin 1.090
usermin usermin 1.100
usermin usermin 1.110
usermin usermin 1.120
usermin usermin 1.130
usermin usermin 1.140
usermin usermin 1.150
usermin usermin 1.210
usermin usermin 1.220
usermin usermin 1.230
usermin usermin 1.240
usermin usermin 1.250
webmin webmin 1.0.00
webmin webmin 1.0.10
webmin webmin 1.0.20
webmin webmin 1.0.30
webmin webmin 1.0.40
webmin webmin 1.0.50
webmin webmin 1.0.51
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.20
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50
webmin webmin 1.2.20
webmin webmin 1.2.30
webmin webmin 1.2.40
webmin webmin 1.2.50
webmin webmin 1.3.20


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.220:*:*:*:*:*:*:*",
              "matchCriteriaId": "278FE0A3-D3F2-4C36-BD87-CE3E349B6D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.230:*:*:*:*:*:*:*",
              "matchCriteriaId": "5083E992-E844-4101-ADE2-123FAA1E35BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B322237-AA34-4D87-ADB4-7AF4EB01E71E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.250:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F399AAA-68FC-41AF-B701-219D1D5373CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo chooser.cgi en Webmin versiones anteriores a 1.330 y Usermin versiones anteriores a 1.260, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de archivo dise\u00f1ado."
    }
  ],
  "id": "CVE-2007-1276",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-05T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24321"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017711"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes-1.330.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes-1.330.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2002-05/0040.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.iss.net/security_center/static/9036.phpPatch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/4694Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/9036.phpPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/4694Patch, Vendor Advisory
Impacted products
Vendor Product Version
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.92.1
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en la p\u00e1gina de autenticaci\u00f3n de:\r\n\r\n Webmin 0.96\r\n Usermin 0.90\r\n\r\nque permite  a atacantes remotos la inserci\u00f3n de c\u00f3digo en una p\u00e1gina de error y posiblemente el robo de cookies."
    }
  ],
  "id": "CVE-2002-0756",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9036.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9036.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4694"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108781564518287&w=2
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200406-15.xmlPatch, Vendor Advisory
cve@mitre.orghttp://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html
cve@mitre.orghttp://www.securityfocus.com/bid/10521Patch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/16494
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108781564518287&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200406-15.xmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/10521Patch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/16494
Impacted products
Vendor Product Version
usermin usermin 1.070


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo de correo web de Usermin 1.070 permite a atacantes remotos insertar HTML y scrpit de su elecci\u00f3n mediante mensajes de correo electr\u00f3nico."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nUsermin, Usermin, 1.080",
  "id": "CVE-2004-0588",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10521"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
cve@mitre.orgftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
cve@mitre.orghttp://archives.neohapsis.com/archives/hp/2003-q1/0063.html
cve@mitre.orghttp://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104610245624895&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104610300325629&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=104610336226274&w=2
cve@mitre.orghttp://marc.info/?l=webmin-announce&m=104587858408101&w=2
cve@mitre.orghttp://secunia.com/advisories/8115
cve@mitre.orghttp://secunia.com/advisories/8163
cve@mitre.orghttp://www.ciac.org/ciac/bulletins/n-058.shtml
cve@mitre.orghttp://www.debian.org/security/2003/dsa-319
cve@mitre.orghttp://www.iss.net/security_center/static/11390.phpVendor Advisory
cve@mitre.orghttp://www.lac.co.jp/security/english/snsadv_e/62_e.html
cve@mitre.orghttp://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2003:025
cve@mitre.orghttp://www.securityfocus.com/bid/6915
cve@mitre.orghttp://www.securitytracker.com/id?1006160
af854a3a-2127-422b-91ae-364da2661108ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104610245624895&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104610300325629&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=104610336226274&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=webmin-announce&m=104587858408101&w=2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/8115
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/8163
af854a3a-2127-422b-91ae-364da2661108http://www.ciac.org/ciac/bulletins/n-058.shtml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2003/dsa-319
af854a3a-2127-422b-91ae-364da2661108http://www.iss.net/security_center/static/11390.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/security/english/snsadv_e/62_e.html
af854a3a-2127-422b-91ae-364da2661108http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/6915
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1006160
Impacted products
Vendor Product Version
engardelinux guardian_digital_webtool 1.2
usermin usermin 0.4
usermin usermin 0.5
usermin usermin 0.6
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
usermin usermin 0.91
usermin usermin 0.92
usermin usermin 0.93
usermin usermin 0.94
usermin usermin 0.95
usermin usermin 0.96
usermin usermin 0.97
usermin usermin 0.98
usermin usermin 0.99
webmin webmin 1.0.50
webmin webmin 1.0.60


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91EB3988-0BFD-4BE8-A170-A99A32222540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
    },
    {
      "lang": "es",
      "value": "miniserv.pl en Webmin anterior a 1.070 y Usermin antes de 1.000 no maneja adecuadamente metacaract\u00e9res como avance de l\u00ednea y retorno de carro (CRLF) en cadenas codificadas en Base-64 durante la autenticaci\u00f3n b\u00e1sica, lo que permite a atacantes remotos suplantar un ID de sesi\u00f3n y ganar privilegios de root."
    }
  ],
  "id": "CVE-2003-0101",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-319"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11390.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1006160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11390.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1006160"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-09-05 23:04
Modified
2025-04-03 01:03
Severity ?
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
cve@mitre.orghttp://jvn.jp/jp/JVN%2399776858/index.htmlPatch
cve@mitre.orghttp://secunia.com/advisories/21690Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22087
cve@mitre.orghttp://secunia.com/advisories/22114
cve@mitre.orghttp://secunia.com/advisories/22556
cve@mitre.orghttp://securitytracker.com/id?1016776
cve@mitre.orghttp://securitytracker.com/id?1016777
cve@mitre.orghttp://webmin.com/security.htmlPatch
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1199
cve@mitre.orghttp://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.htmlPatch, Vendor Advisory
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:170
cve@mitre.orghttp://www.osvdb.org/28337
cve@mitre.orghttp://www.osvdb.org/28338
cve@mitre.orghttp://www.securityfocus.com/bid/19820
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/3424Vendor Advisory
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/28699
af854a3a-2127-422b-91ae-364da2661108http://jvn.jp/jp/JVN%2399776858/index.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21690Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22087
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22114
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22556
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016776
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1016777
af854a3a-2127-422b-91ae-364da2661108http://webmin.com/security.htmlPatch
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1199
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/28337
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/28338
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/19820
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/3424Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
Impacted products
Vendor Product Version
usermin usermin *
usermin usermin 0.4
usermin usermin 0.5
usermin usermin 0.6
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
usermin usermin 0.91
usermin usermin 0.92
usermin usermin 0.93
usermin usermin 0.94
usermin usermin 0.95
usermin usermin 0.96
usermin usermin 0.97
usermin usermin 0.98
usermin usermin 0.99
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
usermin usermin 1.090
usermin usermin 1.100
usermin usermin 1.110
usermin usermin 1.120
usermin usermin 1.130
usermin usermin 1.140
usermin usermin 1.150
usermin usermin 1.210
webmin webmin *
webmin webmin 0.1
webmin webmin 0.2
webmin webmin 0.3
webmin webmin 0.4
webmin webmin 0.5
webmin webmin 0.6
webmin webmin 0.7
webmin webmin 0.21
webmin webmin 0.22
webmin webmin 0.31
webmin webmin 0.41
webmin webmin 0.42
webmin webmin 0.51
webmin webmin 0.76
webmin webmin 0.77
webmin webmin 0.78
webmin webmin 0.79
webmin webmin 0.80
webmin webmin 0.83
webmin webmin 0.84
webmin webmin 0.85
webmin webmin 0.88
webmin webmin 0.90
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.92.1
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96
webmin webmin 0.97
webmin webmin 0.98
webmin webmin 0.99
webmin webmin 1.0.00
webmin webmin 1.0.10
webmin webmin 1.0.20
webmin webmin 1.0.30
webmin webmin 1.0.40
webmin webmin 1.0.50
webmin webmin 1.0.51
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.20
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50
webmin webmin 1.2.20
webmin webmin 1.2.30
webmin webmin 1.2.40
webmin webmin 1.2.50
webmin webmin 1.2.60
webmin webmin 1.2.70
webmin webmin 1.2.80


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "876EE957-11A6-4B93-9EE5-820FD954324F",
              "versionEndIncluding": "1.220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F9D04D-D42B-47E1-B63A-BD7C943EB03D",
              "versionEndIncluding": "1.2.90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
    },
    {
      "lang": "es",
      "value": "Webmin anterior a 1.296 y Usermin anterior a  1.226 no dirigidas adecuadamente una URL con un caracter nulo (\"%00\"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el c\u00f3digo fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nWebmin, Webmin, 1.296\r\nUsermin, Usermin, 1.226",
  "id": "CVE-2006-4542",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-05T23:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21690"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22087"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22114"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016776"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016777"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://webmin.com/security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28337"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28338"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19820"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3424"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://webmin.com/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
References
cve@mitre.orghttp://marc.info/?l=bugtraq&m=108737059313829&w=2
cve@mitre.orghttp://www.debian.org/security/2004/dsa-526
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
cve@mitre.orghttp://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
cve@mitre.orghttp://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
cve@mitre.orghttp://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
cve@mitre.orghttp://www.securityfocus.com/bid/10474Patch, Vendor Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/10523Patch, Vendor Advisory
cve@mitre.orghttp://www.webmin.com/changes-1.150.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/16334
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=108737059313829&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-526
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
af854a3a-2127-422b-91ae-364da2661108http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
af854a3a-2127-422b-91ae-364da2661108http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
af854a3a-2127-422b-91ae-364da2661108http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/10474Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/10523Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/changes-1.150.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/16334
Impacted products
Vendor Product Version
usermin usermin 1.070
webmin webmin 1.1.40
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0
debian debian_linux 3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
              "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
              "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
    },
    {
      "lang": "es",
      "value": "La funcionalidad lockout en (1)Webmin 1.140 y (2) Usermin 1.070 no process ciertas cadenas de caract\u00e9reis, lo que permite a atacanetes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contrase\u00f1as."
    }
  ],
  "id": "CVE-2004-0583",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-526"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10474"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10523"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes-1.150.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes-1.150.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
References
cve@mitre.orghttp://securitytracker.com/id?1013723Patch
cve@mitre.orghttp://www.webmin.com/changes.html
cve@mitre.orghttp://www.webmin.com/uchanges.html
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/20607
af854a3a-2127-422b-91ae-364da2661108http://securitytracker.com/id?1013723Patch
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/changes.html
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/uchanges.html
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/20607
Impacted products
Vendor Product Version
usermin usermin 0.4
usermin usermin 0.5
usermin usermin 0.6
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
usermin usermin 0.91
usermin usermin 0.92
usermin usermin 0.93
usermin usermin 0.94
usermin usermin 0.95
usermin usermin 0.96
usermin usermin 0.97
usermin usermin 0.98
usermin usermin 0.99
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
usermin usermin 1.090
usermin usermin 1.100
usermin usermin 1.110
usermin usermin 1.120
usermin usermin 1.130
usermin usermin 1.140
webmin webmin 0.4
webmin webmin 0.5
webmin webmin 0.6
webmin webmin 0.7
webmin webmin 0.80
webmin webmin 0.90
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96
webmin webmin 0.97
webmin webmin 0.98
webmin webmin 0.99
webmin webmin 1.0.00
webmin webmin 1.0.10
webmin webmin 1.0.20
webmin webmin 1.0.30
webmin webmin 1.0.40
webmin webmin 1.0.51
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.20
webmin webmin 1.1.30
webmin webmin 1.1.40


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
    }
  ],
  "id": "CVE-2005-1177",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013723"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-07-06 20:05
Modified
2025-04-03 01:03
Severity ?
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
References
cve@mitre.orghttp://attrition.org/pipermail/vim/2006-July/000923.html
cve@mitre.orghttp://attrition.org/pipermail/vim/2006-June/000912.html
cve@mitre.orghttp://secunia.com/advisories/20892Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21105Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/21365Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/22556Vendor Advisory
cve@mitre.orghttp://security.gentoo.org/glsa/glsa-200608-11.xml
cve@mitre.orghttp://www.debian.org/security/2006/dsa-1199
cve@mitre.orghttp://www.kb.cert.org/vuls/id/999601US Government Resource
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2006:125
cve@mitre.orghttp://www.osvdb.org/26772Patch
cve@mitre.orghttp://www.securityfocus.com/archive/1/439653/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/440125/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/440466/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/archive/1/440493/100/0/threaded
cve@mitre.orghttp://www.securityfocus.com/bid/18744
cve@mitre.orghttp://www.vupen.com/english/advisories/2006/2612Vendor Advisory
cve@mitre.orghttp://www.webmin.com/changes.html
af854a3a-2127-422b-91ae-364da2661108http://attrition.org/pipermail/vim/2006-July/000923.html
af854a3a-2127-422b-91ae-364da2661108http://attrition.org/pipermail/vim/2006-June/000912.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/20892Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21105Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/21365Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/22556Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://security.gentoo.org/glsa/glsa-200608-11.xml
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2006/dsa-1199
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/999601US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/26772Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/439653/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/440125/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/440466/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/archive/1/440493/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/18744
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2006/2612Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.webmin.com/changes.html
Impacted products
Vendor Product Version
usermin usermin *
webmin webmin *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E",
              "versionEndIncluding": "1.210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A061012-19EE-4A9E-9AFC-75DF24D316C5",
              "versionEndIncluding": "1.2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones Webmin antes de su versi\u00f3n 1.290 y Usermin antes de la 1.220 llaman a la funci\u00f3n simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias \"..% 01\", evitando de esta manera la supresi\u00f3n del nombre de fichero de las secuencias \"../\" anteriores a octetos del estilo de \"%01\". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274."
    }
  ],
  "id": "CVE-2006-3392",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-06T20:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/999601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/26772"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18744"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2612"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/999601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/26772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2002-0756 (GCVE-0-2002-0756)
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
Severity ?
CWE
  • n/a
Summary
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:47.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "webmin-usermin-authpage-css(9036)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9036.php"
          },
          {
            "name": "4694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4694"
          },
          {
            "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-07-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "webmin-usermin-authpage-css(9036)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9036.php"
        },
        {
          "name": "4694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4694"
        },
        {
          "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0756",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "webmin-usermin-authpage-css(9036)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9036.php"
            },
            {
              "name": "4694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4694"
            },
            {
              "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0756",
    "datePublished": "2002-07-26T04:00:00",
    "dateReserved": "2002-07-25T00:00:00",
    "dateUpdated": "2024-08-08T03:03:47.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0583 (GCVE-0-2004-0583)
Vulnerability from cvelistv5
Published
2004-06-23 04:00
Modified
2024-08-08 00:24
Severity ?
CWE
  • n/a
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "10474",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10474"
          },
          {
            "name": "DSA-526",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-526"
          },
          {
            "name": "webmin-username-password-dos(16334)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
          },
          {
            "name": "10523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10523"
          },
          {
            "name": "MDKSA-2004:074",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
          },
          {
            "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
          },
          {
            "name": "GLSA-200406-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes-1.150.html"
          },
          {
            "name": "GLSA-200406-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "10474",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10474"
        },
        {
          "name": "DSA-526",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-526"
        },
        {
          "name": "webmin-username-password-dos(16334)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
        },
        {
          "name": "10523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10523"
        },
        {
          "name": "MDKSA-2004:074",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
        },
        {
          "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
        },
        {
          "name": "GLSA-200406-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes-1.150.html"
        },
        {
          "name": "GLSA-200406-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "10474",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10474"
            },
            {
              "name": "DSA-526",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-526"
            },
            {
              "name": "webmin-username-password-dos(16334)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
            },
            {
              "name": "10523",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10523"
            },
            {
              "name": "MDKSA-2004:074",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
            },
            {
              "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
            },
            {
              "name": "GLSA-200406-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
            },
            {
              "name": "http://www.webmin.com/changes-1.150.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes-1.150.html"
            },
            {
              "name": "GLSA-200406-12",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
            },
            {
              "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0583",
    "datePublished": "2004-06-23T04:00:00",
    "dateReserved": "2004-06-18T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-1468 (GCVE-0-2004-1468)
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
CWE
  • n/a
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:53:23.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11122",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11122"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
          },
          {
            "name": "12488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12488/"
          },
          {
            "name": "GLSA-200409-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
          },
          {
            "name": "usermin-web-mail-command-execution(17293)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11122",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11122"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
        },
        {
          "name": "12488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12488/"
        },
        {
          "name": "GLSA-200409-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
        },
        {
          "name": "usermin-web-mail-command-execution(17293)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1468",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11122",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11122"
            },
            {
              "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
            },
            {
              "name": "12488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12488/"
            },
            {
              "name": "GLSA-200409-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
            },
            {
              "name": "usermin-web-mail-command-execution(17293)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1468",
    "datePublished": "2005-02-13T05:00:00",
    "dateReserved": "2005-02-13T00:00:00",
    "dateUpdated": "2024-08-08T00:53:23.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2079 (GCVE-0-2015-2079)
Vulnerability from cvelistv5
Published
2025-04-28 00:00
Modified
2025-04-28 15:26
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE
  • CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Summary
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
References
Impacted products
Vendor Product Version
Usermin Usermin Version: 0.980   < 1.660
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2015-2079",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-28T15:17:22.192383Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-28T15:26:11.894Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Usermin",
          "vendor": "Usermin",
          "versions": [
            {
              "lessThan": "1.660",
              "status": "affected",
              "version": "0.980",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "1.660",
                  "versionStartIncluding": "0.980",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-96",
              "description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-28T14:45:13.615Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://code-white.com/public-vulnerability-list/"
        },
        {
          "url": "https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2079",
    "datePublished": "2025-04-28T00:00:00.000Z",
    "dateReserved": "2015-02-24T00:00:00.000Z",
    "dateUpdated": "2025-04-28T15:26:11.894Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-3042 (GCVE-0-2005-3042)
Vulnerability from cvelistv5
Published
2005-09-22 04:00
Modified
2024-08-07 22:53
Severity ?
CWE
  • n/a
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
http://secunia.com/advisories/16858 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17282 third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml vendor-advisory, x_refsource_GENTOO
http://www.osvdb.org/19575 vdb-entry, x_refsource_OSVDB
http://securityreason.com/securityalert/17 third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/14889 vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2005/1791 vdb-entry, x_refsource_VUPEN
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 vendor-advisory, x_refsource_MANDRIVA
http://www.novell.com/linux/security/advisories/2005_24_sr.html vendor-advisory, x_refsource_SUSE
http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html mailing-list, x_refsource_BUGTRAQ
http://www.webmin.com/changes-1.230.html x_refsource_CONFIRM
http://jvn.jp/jp/JVN%2340940493/index.html third-party-advisory, x_refsource_JVN
http://www.webmin.com/uchanges-1.160.html x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:30.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16858"
          },
          {
            "name": "17282",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17282"
          },
          {
            "name": "GLSA-200509-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
          },
          {
            "name": "19575",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/19575"
          },
          {
            "name": "17",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/17"
          },
          {
            "name": "14889",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14889"
          },
          {
            "name": "ADV-2005-1791",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/1791"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
          },
          {
            "name": "MDKSA-2005:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
          },
          {
            "name": "SUSE-SR:2005:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
          },
          {
            "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes-1.230.html"
          },
          {
            "name": "JVN#40940493",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges-1.160.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-09-29T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16858"
        },
        {
          "name": "17282",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17282"
        },
        {
          "name": "GLSA-200509-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
        },
        {
          "name": "19575",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/19575"
        },
        {
          "name": "17",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/17"
        },
        {
          "name": "14889",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14889"
        },
        {
          "name": "ADV-2005-1791",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/1791"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
        },
        {
          "name": "MDKSA-2005:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
        },
        {
          "name": "SUSE-SR:2005:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
        },
        {
          "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes-1.230.html"
        },
        {
          "name": "JVN#40940493",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges-1.160.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16858"
            },
            {
              "name": "17282",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17282"
            },
            {
              "name": "GLSA-200509-17",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
            },
            {
              "name": "19575",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/19575"
            },
            {
              "name": "17",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/17"
            },
            {
              "name": "14889",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14889"
            },
            {
              "name": "ADV-2005-1791",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/1791"
            },
            {
              "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
            },
            {
              "name": "MDKSA-2005:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
            },
            {
              "name": "SUSE-SR:2005:024",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
            },
            {
              "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
            },
            {
              "name": "http://www.webmin.com/changes-1.230.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes-1.230.html"
            },
            {
              "name": "JVN#40940493",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
            },
            {
              "name": "http://www.webmin.com/uchanges-1.160.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges-1.160.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3042",
    "datePublished": "2005-09-22T04:00:00",
    "dateReserved": "2005-09-22T00:00:00",
    "dateUpdated": "2024-08-07T22:53:30.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2003-0101 (GCVE-0-2003-0101)
Vulnerability from cvelistv5
Published
2003-02-26 05:00
Modified
2024-08-08 01:43
Severity ?
CWE
  • n/a
Summary
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
http://www.debian.org/security/2003/dsa-319 vendor-advisory, x_refsource_DEBIAN
http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=104610336226274&w=2 mailing-list, x_refsource_BUGTRAQ
http://www.ciac.org/ciac/bulletins/n-058.shtml third-party-advisory, government-resource, x_refsource_CIAC
http://secunia.com/advisories/8163 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2003:025 vendor-advisory, x_refsource_MANDRAKE
http://archives.neohapsis.com/archives/hp/2003-q1/0063.html vendor-advisory, x_refsource_HP
http://secunia.com/advisories/8115 third-party-advisory, x_refsource_SECUNIA
http://www.securitytracker.com/id?1006160 vdb-entry, x_refsource_SECTRACK
http://marc.info/?l=bugtraq&m=104610300325629&w=2 mailing-list, x_refsource_BUGTRAQ
http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html vendor-advisory, x_refsource_ENGARDE
http://marc.info/?l=webmin-announce&m=104587858408101&w=2 x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=104610245624895&w=2 mailing-list, x_refsource_BUGTRAQ
http://www.lac.co.jp/security/english/snsadv_e/62_e.html x_refsource_MISC
ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I vendor-advisory, x_refsource_SGI
http://www.iss.net/security_center/static/11390.php vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/6915 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-319",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-319"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
          },
          {
            "name": "20030224 GLSA:  usermin (200302-14)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
          },
          {
            "name": "N-058",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
          },
          {
            "name": "8163",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/8163"
          },
          {
            "name": "MDKSA-2003:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
          },
          {
            "name": "HPSBUX0303-250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
          },
          {
            "name": "8115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/8115"
          },
          {
            "name": "1006160",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1006160"
          },
          {
            "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
          },
          {
            "name": "ESA-20030225-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
          },
          {
            "name": "20030224 Webmin 1.050 - 1.060 remote exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
          },
          {
            "name": "20030602-01-I",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
          },
          {
            "name": "webmin-usermin-root-access(11390)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11390.php"
          },
          {
            "name": "6915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-319",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-319"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
        },
        {
          "name": "20030224 GLSA:  usermin (200302-14)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
        },
        {
          "name": "N-058",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
        },
        {
          "name": "8163",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/8163"
        },
        {
          "name": "MDKSA-2003:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
        },
        {
          "name": "HPSBUX0303-250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
        },
        {
          "name": "8115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/8115"
        },
        {
          "name": "1006160",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1006160"
        },
        {
          "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
        },
        {
          "name": "ESA-20030225-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
        },
        {
          "name": "20030224 Webmin 1.050 - 1.060 remote exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
        },
        {
          "name": "20030602-01-I",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
        },
        {
          "name": "webmin-usermin-root-access(11390)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11390.php"
        },
        {
          "name": "6915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-319",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-319"
            },
            {
              "name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html",
              "refsource": "CONFIRM",
              "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
            },
            {
              "name": "20030224 GLSA:  usermin (200302-14)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
            },
            {
              "name": "N-058",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
            },
            {
              "name": "8163",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/8163"
            },
            {
              "name": "MDKSA-2003:025",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
            },
            {
              "name": "HPSBUX0303-250",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
            },
            {
              "name": "8115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/8115"
            },
            {
              "name": "1006160",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1006160"
            },
            {
              "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
            },
            {
              "name": "ESA-20030225-006",
              "refsource": "ENGARDE",
              "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
            },
            {
              "name": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2",
              "refsource": "CONFIRM",
              "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
            },
            {
              "name": "20030224 Webmin 1.050 - 1.060 remote exploit",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
            },
            {
              "name": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
            },
            {
              "name": "20030602-01-I",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
            },
            {
              "name": "webmin-usermin-root-access(11390)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11390.php"
            },
            {
              "name": "6915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0101",
    "datePublished": "2003-02-26T05:00:00",
    "dateReserved": "2003-02-24T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2002-0757 (GCVE-0-2002-0757)
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
Severity ?
CWE
  • n/a
Summary
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:47.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "webmin-usermin-sessionid-spoof(9037)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9037.php"
          },
          {
            "name": "4700",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4700"
          },
          {
            "name": "MDKSA-2002:033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
          },
          {
            "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/271466"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-07-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "webmin-usermin-sessionid-spoof(9037)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9037.php"
        },
        {
          "name": "4700",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4700"
        },
        {
          "name": "MDKSA-2002:033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
        },
        {
          "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/271466"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "webmin-usermin-sessionid-spoof(9037)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9037.php"
            },
            {
              "name": "4700",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4700"
            },
            {
              "name": "MDKSA-2002:033",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
            },
            {
              "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/271466"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0757",
    "datePublished": "2002-07-26T04:00:00",
    "dateReserved": "2002-07-25T00:00:00",
    "dateUpdated": "2024-08-08T03:03:47.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-3392 (GCVE-0-2006-3392)
Vulnerability from cvelistv5
Published
2006-07-06 20:00
Modified
2024-08-07 18:30
Severity ?
CWE
  • n/a
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
References
http://secunia.com/advisories/21365 third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200608-11.xml vendor-advisory, x_refsource_GENTOO
http://www.webmin.com/changes.html x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/440125/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/21105 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/18744 vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/440493/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/440466/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/999601 third-party-advisory, x_refsource_CERT-VN
http://www.debian.org/security/2006/dsa-1199 vendor-advisory, x_refsource_DEBIAN
http://attrition.org/pipermail/vim/2006-June/000912.html mailing-list, x_refsource_VIM
http://secunia.com/advisories/20892 third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2006/2612 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/439653/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/26772 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/22556 third-party-advisory, x_refsource_SECUNIA
http://attrition.org/pipermail/vim/2006-July/000923.html mailing-list, x_refsource_VIM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:32.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21365"
          },
          {
            "name": "GLSA-200608-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes.html"
          },
          {
            "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
          },
          {
            "name": "21105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21105"
          },
          {
            "name": "18744",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18744"
          },
          {
            "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
          },
          {
            "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
          },
          {
            "name": "VU#999601",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/999601"
          },
          {
            "name": "DSA-1199",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1199"
          },
          {
            "name": "20060630 Webmin traversal - changelog",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
          },
          {
            "name": "20892",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20892"
          },
          {
            "name": "MDKSA-2006:125",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
          },
          {
            "name": "ADV-2006-2612",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2612"
          },
          {
            "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
          },
          {
            "name": "26772",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26772"
          },
          {
            "name": "22556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22556"
          },
          {
            "name": "20060711 Re: Webmin traversal - changelog",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21365"
        },
        {
          "name": "GLSA-200608-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes.html"
        },
        {
          "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
        },
        {
          "name": "21105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21105"
        },
        {
          "name": "18744",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18744"
        },
        {
          "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
        },
        {
          "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
        },
        {
          "name": "VU#999601",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/999601"
        },
        {
          "name": "DSA-1199",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1199"
        },
        {
          "name": "20060630 Webmin traversal - changelog",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
        },
        {
          "name": "20892",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20892"
        },
        {
          "name": "MDKSA-2006:125",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
        },
        {
          "name": "ADV-2006-2612",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2612"
        },
        {
          "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
        },
        {
          "name": "26772",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26772"
        },
        {
          "name": "22556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22556"
        },
        {
          "name": "20060711 Re: Webmin traversal - changelog",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21365"
            },
            {
              "name": "GLSA-200608-11",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
            },
            {
              "name": "http://www.webmin.com/changes.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes.html"
            },
            {
              "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
            },
            {
              "name": "21105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21105"
            },
            {
              "name": "18744",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18744"
            },
            {
              "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
            },
            {
              "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
            },
            {
              "name": "VU#999601",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/999601"
            },
            {
              "name": "DSA-1199",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1199"
            },
            {
              "name": "20060630 Webmin traversal - changelog",
              "refsource": "VIM",
              "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
            },
            {
              "name": "20892",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20892"
            },
            {
              "name": "MDKSA-2006:125",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
            },
            {
              "name": "ADV-2006-2612",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2612"
            },
            {
              "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
            },
            {
              "name": "26772",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26772"
            },
            {
              "name": "22556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22556"
            },
            {
              "name": "20060711 Re: Webmin traversal - changelog",
              "refsource": "VIM",
              "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3392",
    "datePublished": "2006-07-06T20:00:00",
    "dateReserved": "2006-07-06T00:00:00",
    "dateUpdated": "2024-08-07T18:30:32.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4542 (GCVE-0-2006-4542)
Vulnerability from cvelistv5
Published
2006-09-05 23:00
Modified
2024-08-07 19:14
Severity ?
CWE
  • n/a
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
http://jvn.jp/jp/JVN%2399776858/index.html third-party-advisory, x_refsource_JVN
http://www.securityfocus.com/bid/19820 vdb-entry, x_refsource_BID
http://secunia.com/advisories/22114 third-party-advisory, x_refsource_SECUNIA
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html x_refsource_MISC
http://www.vupen.com/english/advisories/2006/3424 vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21690 third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1199 vendor-advisory, x_refsource_DEBIAN
http://www.osvdb.org/28338 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/22087 third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/28337 vdb-entry, x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1016776 vdb-entry, x_refsource_SECTRACK
http://webmin.com/security.html x_refsource_CONFIRM
http://secunia.com/advisories/22556 third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016777 vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:14:47.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#99776858",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
          },
          {
            "name": "19820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19820"
          },
          {
            "name": "22114",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
          },
          {
            "name": "ADV-2006-3424",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3424"
          },
          {
            "name": "21690",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21690"
          },
          {
            "name": "DSA-1199",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1199"
          },
          {
            "name": "28338",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28338"
          },
          {
            "name": "22087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22087"
          },
          {
            "name": "28337",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28337"
          },
          {
            "name": "MDKSA-2006:170",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
          },
          {
            "name": "1016776",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016776"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://webmin.com/security.html"
          },
          {
            "name": "22556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22556"
          },
          {
            "name": "1016777",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016777"
          },
          {
            "name": "webmin-usermin-source-disclosure(28699)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#99776858",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
        },
        {
          "name": "19820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19820"
        },
        {
          "name": "22114",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
        },
        {
          "name": "ADV-2006-3424",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3424"
        },
        {
          "name": "21690",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21690"
        },
        {
          "name": "DSA-1199",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1199"
        },
        {
          "name": "28338",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28338"
        },
        {
          "name": "22087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22087"
        },
        {
          "name": "28337",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28337"
        },
        {
          "name": "MDKSA-2006:170",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
        },
        {
          "name": "1016776",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016776"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://webmin.com/security.html"
        },
        {
          "name": "22556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22556"
        },
        {
          "name": "1016777",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016777"
        },
        {
          "name": "webmin-usermin-source-disclosure(28699)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#99776858",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
            },
            {
              "name": "19820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19820"
            },
            {
              "name": "22114",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22114"
            },
            {
              "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
            },
            {
              "name": "ADV-2006-3424",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3424"
            },
            {
              "name": "21690",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21690"
            },
            {
              "name": "DSA-1199",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1199"
            },
            {
              "name": "28338",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28338"
            },
            {
              "name": "22087",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22087"
            },
            {
              "name": "28337",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28337"
            },
            {
              "name": "MDKSA-2006:170",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
            },
            {
              "name": "1016776",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016776"
            },
            {
              "name": "http://webmin.com/security.html",
              "refsource": "CONFIRM",
              "url": "http://webmin.com/security.html"
            },
            {
              "name": "22556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22556"
            },
            {
              "name": "1016777",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016777"
            },
            {
              "name": "webmin-usermin-source-disclosure(28699)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4542",
    "datePublished": "2006-09-05T23:00:00",
    "dateReserved": "2006-09-05T00:00:00",
    "dateUpdated": "2024-08-07T19:14:47.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2005-1177 (GCVE-0-2005-1177)
Vulnerability from cvelistv5
Published
2005-04-19 04:00
Modified
2024-08-07 21:44
Severity ?
CWE
  • n/a
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:05.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes.html"
          },
          {
            "name": "1013723",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges.html"
          },
          {
            "name": "webmin-config-file-permissions(20607)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes.html"
        },
        {
          "name": "1013723",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges.html"
        },
        {
          "name": "webmin-config-file-permissions(20607)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webmin.com/changes.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes.html"
            },
            {
              "name": "1013723",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013723"
            },
            {
              "name": "http://www.webmin.com/uchanges.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges.html"
            },
            {
              "name": "webmin-config-file-permissions(20607)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1177",
    "datePublished": "2005-04-19T04:00:00",
    "dateReserved": "2005-04-19T00:00:00",
    "dateUpdated": "2024-08-07T21:44:05.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1276 (GCVE-0-2007-1276)
Vulnerability from cvelistv5
Published
2007-03-05 20:00
Modified
2024-08-07 12:50
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
References
http://www.webmin.com/security.html x_refsource_CONFIRM
http://osvdb.org/33832 vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/24321 third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0780 vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1017711 vdb-entry, x_refsource_SECTRACK
http://www.webmin.com/changes-1.330.html x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/security.html"
          },
          {
            "name": "33832",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33832"
          },
          {
            "name": "24321",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24321"
          },
          {
            "name": "ADV-2007-0780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0780"
          },
          {
            "name": "1017711",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017711"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes-1.330.html"
          },
          {
            "name": "webmin-chooser-xss(32725)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/security.html"
        },
        {
          "name": "33832",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33832"
        },
        {
          "name": "24321",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24321"
        },
        {
          "name": "ADV-2007-0780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0780"
        },
        {
          "name": "1017711",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017711"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes-1.330.html"
        },
        {
          "name": "webmin-chooser-xss(32725)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webmin.com/security.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/security.html"
            },
            {
              "name": "33832",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33832"
            },
            {
              "name": "24321",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24321"
            },
            {
              "name": "ADV-2007-0780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0780"
            },
            {
              "name": "1017711",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017711"
            },
            {
              "name": "http://www.webmin.com/changes-1.330.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes-1.330.html"
            },
            {
              "name": "webmin-chooser-xss(32725)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1276",
    "datePublished": "2007-03-05T20:00:00",
    "dateReserved": "2007-03-05T00:00:00",
    "dateUpdated": "2024-08-07T12:50:34.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0559 (GCVE-0-2004-0559)
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:24
Severity ?
CWE
  • n/a
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
References
http://www.webmin.com/uchanges-1.089.html x_refsource_CONFIRM
http://www.securityfocus.com/bid/11153 vdb-entry, x_refsource_BID
http://secunia.com/advisories/12488/ third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml vendor-advisory, x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:25.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges-1.089.html"
          },
          {
            "name": "11153",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11153"
          },
          {
            "name": "12488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12488/"
          },
          {
            "name": "GLSA-200409-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
          },
          {
            "name": "usermin-installation-unspecified(17299)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges-1.089.html"
        },
        {
          "name": "11153",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11153"
        },
        {
          "name": "12488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12488/"
        },
        {
          "name": "GLSA-200409-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
        },
        {
          "name": "usermin-installation-unspecified(17299)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webmin.com/uchanges-1.089.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges-1.089.html"
            },
            {
              "name": "11153",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11153"
            },
            {
              "name": "12488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12488/"
            },
            {
              "name": "GLSA-200409-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
            },
            {
              "name": "usermin-installation-unspecified(17299)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0559",
    "datePublished": "2004-09-24T04:00:00",
    "dateReserved": "2004-06-14T00:00:00",
    "dateUpdated": "2024-08-08T00:24:25.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2004-0588 (GCVE-0-2004-0588)
Vulnerability from cvelistv5
Published
2004-06-23 04:00
Modified
2024-08-08 00:24
Severity ?
CWE
  • n/a
Summary
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200406-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
          },
          {
            "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
          },
          {
            "name": "10521",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10521"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
          },
          {
            "name": "usermin-email-xss(16494)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200406-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
        },
        {
          "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
        },
        {
          "name": "10521",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10521"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
        },
        {
          "name": "usermin-email-xss(16494)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200406-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
            },
            {
              "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
            },
            {
              "name": "10521",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10521"
            },
            {
              "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
            },
            {
              "name": "usermin-email-xss(16494)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0588",
    "datePublished": "2004-06-23T04:00:00",
    "dateReserved": "2004-06-21T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4246 (GCVE-0-2006-4246)
Vulnerability from cvelistv5
Published
2006-09-19 18:00
Modified
2024-08-07 19:06
Severity ?
CWE
  • n/a
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21968"
          },
          {
            "name": "21981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21981"
          },
          {
            "name": "18574",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18574"
          },
          {
            "name": "usermin-shell-dos(29010)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges.html"
          },
          {
            "name": "ADV-2006-3668",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3668"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.osreviews.net/reviews/admin/usermin"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
          },
          {
            "name": "DSA-1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1177"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "21968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21968"
        },
        {
          "name": "21981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21981"
        },
        {
          "name": "18574",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18574"
        },
        {
          "name": "usermin-shell-dos(29010)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges.html"
        },
        {
          "name": "ADV-2006-3668",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3668"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.osreviews.net/reviews/admin/usermin"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
        },
        {
          "name": "DSA-1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1177"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2006-4246",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21968"
            },
            {
              "name": "21981",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21981"
            },
            {
              "name": "18574",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18574"
            },
            {
              "name": "usermin-shell-dos(29010)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
            },
            {
              "name": "http://www.webmin.com/uchanges.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges.html"
            },
            {
              "name": "ADV-2006-3668",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3668"
            },
            {
              "name": "http://www.osreviews.net/reviews/admin/usermin",
              "refsource": "MISC",
              "url": "http://www.osreviews.net/reviews/admin/usermin"
            },
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
            },
            {
              "name": "DSA-1177",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1177"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2006-4246",
    "datePublished": "2006-09-19T18:00:00",
    "dateReserved": "2006-08-21T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}