All the vulnerabilities related to Webmin Project - Usermin
jvndb-2014-000057
Vulnerability from jvndb
Published
2014-06-20 13:56
Modified
2014-06-24 13:44
Summary
Usermin vulnerable to OS command injection
Details
Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability.
Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN48805624/index.html |
| CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3883 |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3883 |
| IPA SECURITY ALERTS | http://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html |
| OS Command Injection(CWE-78) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Webmin Project | Usermin |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000057.html", "dc:date": "2014-06-24T13:44+09:00", "dcterms:issued": "2014-06-20T13:56+09:00", "dcterms:modified": "2014-06-24T13:44+09:00", "description": "Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000057.html", "sec:cpe": { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000057", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN48805624/index.html", "@id": "JVN#48805624", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3883", "@id": "CVE-2014-3883", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3883", "@id": "CVE-2014-3883", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html", "@id": "Security Alert for Usermin vulnerable to OS command injection (JVN#48805624)", "@source": "IPA SECURITY ALERTS" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-78", "@title": "OS Command Injection(CWE-78)" } ], "title": "Usermin vulnerable to OS command injection" }
jvndb-2024-000059
Vulnerability from jvndb
Published
2024-07-09 14:27
Modified
2024-07-09 14:27
Summary
Multiple vulnerabilities in multiple Webmin products
Details
Multiple Webmin products contain multiple vulnerabilities listed below.
* sysinfo.cgi is vulnerable to cross-site scripting (CWE-79): CVE-2024-36450
* session_login.cgi is vulnerable to cross-site scripting (CWE-79): CVE-2024-36453
* ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280): CVE-2024-36451
* ajaxterm module is vulnerable to cross-site request forgery (CWE-352): CVE-2024-36452

CVE-2024-36450, CVE-2024-36451, CVE-2024-36452:
Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

CVE-2024-36453:
hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | https://jvn.jp/en/jp/JVN81442045/index.html |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36450 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36451 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36452 |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-36453 |
| Cross-Site Request Forgery(CWE-352) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Webmin Project | Usermin |
| Webmin Project | Webmin |
| Webmin Project | Webmin |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000059.html", "dc:date": "2024-07-09T14:27+09:00", "dcterms:issued": "2024-07-09T14:27+09:00", "dcterms:modified": "2024-07-09T14:27+09:00", "description": "Multiple Webmin products contain multiple vulnerabilities listed below.\r\n * sysinfo.cgi is vulnerable to cross-site scripting (CWE-79)\r\n CVE-2024-36450\r\n * session_login.cgi is vulnerable to cross-site scripting (CWE-79)\r\n CVE-2024-36453\r\n * ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280)\r\n CVE-2024-36451\r\n * ajaxterm module is vulnerable to cross-site request forgery (CWE-352)\r\n CVE-2024-36452\r\n\r\nCVE-2024-36450, CVE-2024-36451, CVE-2024-36452\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-36453\r\nhibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000059.html", "sec:cpe": [ { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/a:webmin:webmin", "@product": "Webmin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/a:webmin:webmin", "@product": "Webmin", "@vendor": "Webmin Project", "@version": "2.2" } ], "sec:cvss": { "@score": "8.8", "@severity": "High", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "@version": "3.0" }, "sec:identifier": "JVNDB-2024-000059", "sec:references": [ { "#text": "https://jvn.jp/en/jp/JVN81442045/index.html", "@id": "JVN#81442045", "@source": "JVN" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36450", "@id": "CVE-2024-36450", "@source": "CVE" }, { "#text": 
"https://www.cve.org/CVERecord?id=CVE-2024-36451", "@id": "CVE-2024-36451", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36452", "@id": "CVE-2024-36452", "@source": "CVE" }, { "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36453", "@id": "CVE-2024-36453", "@source": "CVE" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-352", "@title": "Cross-Site Request Forgery(CWE-352)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-Other", "@title": "No Mapping(CWE-Other)" } ], "title": "Multiple vulnerabilities in multiple Webmin products" }
jvndb-2005-000537
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Webmin and Usermin authentication bypass vulnerability
Details
Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.", "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html", "sec:cpe": [ { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/a:webmin:webmin", "@product": "Webmin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "9.3", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2005-000537", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN40940493/index.html", "@id": "JVN#40940493", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3042", "@id": "CVE-2005-3042", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3042", "@id": "CVE-2005-3042", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/16858/", "@id": "SA16858", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/14889", "@id": "14889", "@source": "BID" }, { "#text": "http://www.frsirt.com/english/advisories/2005/1791", "@id": "FrSIRT/ADV-2005-1791", "@source": "FRSIRT" } ], "title": "Webmin and Usermin authentication bypass vulnerability" }
jvndb-2006-000938
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Webmin directory traversal vulnerability
Details
Webmin is a web-based system management tool.
Webmin contains a directory traversal vulnerability that allows authentication to be bypassed.
As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor has announced that the vulnerability affects the product on all OS platforms.
References
Impacted products
| Vendor | Product |
|---|---|
| Webmin Project | Usermin |
| Webmin Project | Webmin |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Webmin is a web-based system management tool.\r\nWebmin contains a directory traversal vulnerability which allows to bypass authentication.\r\n\r\nAs of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html", "sec:cpe": [ { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/a:webmin:webmin", "@product": "Webmin", "@vendor": "Webmin Project", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000938", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN67974490/index.html", "@id": "JVN#67974490", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274", "@id": "CVE-2006-3274", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274", "@id": "CVE-2006-3274", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/20777", "@id": "SA20777", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/18613", "@id": "18613", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/27366", "@id": "27366", "@source": "XF" }, { "#text": "http://securitytracker.com/id?1016375", "@id": "1016375", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2006/2493", "@id": "FrSIRT/ADV-2006-2493", "@source": "FRSIRT" } ], "title": 
"Webmin directory traversal vulnerability" }
jvndb-2006-000939
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Multiple vulnerabilities in Webmin and Usermin
Details
Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:
- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin's access restrictions
- Cross-site scripting
We are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to "Development Versions of Webmin and Usermin" on the vendor's website for information on the latest versions of the software.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:\r\n\r\n- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin\u0027s access restrictions\r\n- Cross-site scripting\r\n\r\nWe are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to \"Development Versions of Webmin and Usermin\" on the vendor\u0027s website for information on the latest versions of the software.", "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html", "sec:cpe": [ { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/a:webmin:webmin", "@product": "Webmin", "@vendor": "Webmin Project", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2006-000939", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN99776858/index.html", "@id": "JVN#99776858", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4542", "@id": "CVE-2006-4542", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4542", "@id": "CVE-2006-4542", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/21690", "@id": "SA21690", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/22114", "@id": "SA22114", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/19820", "@id": "19820", 
"@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/28699", "@id": "28699", "@source": "XF" }, { "#text": "http://securitytracker.com/id?1016776", "@id": "1016776", "@source": "SECTRACK" }, { "#text": "http://securitytracker.com/id?1016777", "@id": "1016777", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2006/3424", "@id": "FrSIRT/ADV-2006-3424", "@source": "FRSIRT" } ], "title": "Multiple vulnerabilities in Webmin and Usermin" }
jvndb-2014-000058
Vulnerability from jvndb
Published
2014-06-20 13:56
Modified
2014-07-23 10:59
Summary
Usermin vulnerable to cross-site scripting
Details
Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability.
Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product |
|---|---|
| Webmin Project | Usermin |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000058.html", "dc:date": "2014-07-23T10:59+09:00", "dcterms:issued": "2014-06-20T13:56+09:00", "dcterms:modified": "2014-07-23T10:59+09:00", "description": "Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000058.html", "sec:cpe": { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2014-000058", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN92737498/index.html", "@id": "JVN#92737498", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3884", "@id": "CVE-2014-3884", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3884", "@id": "CVE-2014-3884", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Usermin vulnerable to cross-site scripting" }
jvndb-2016-000202
Vulnerability from jvndb
Published
2016-10-07 13:50
Modified
2017-05-16 17:52
Summary
Usermin cross-site scripting vulnerabilities
Details
Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/save_forward.cgi, /filter/save.cgi and /man/search.cgi.
Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL |
|---|---|
| JVN | http://jvn.jp/en/jp/JVN32504719/index.html |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4897 |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2016-4897 |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| Vendor | Product |
|---|---|
| Webmin Project | Usermin |
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000202.html", "dc:date": "2017-05-16T17:52+09:00", "dcterms:issued": "2016-10-07T13:50+09:00", "dcterms:modified": "2017-05-16T17:52+09:00", "description": "Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/save_forward.cgi, /filter/save.cgi and /man/search.cgi.\r\n\r\nToshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.", "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000202.html", "sec:cpe": { "#text": "cpe:/a:webmin:usermin", "@product": "Usermin", "@vendor": "Webmin Project", "@version": "2.2" }, "sec:cvss": [ { "@score": "2.6", "@severity": "Low", "@type": "Base", "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "@version": "2.0" }, { "@score": "6.1", "@severity": "Medium", "@type": "Base", "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "@version": "3.0" } ], "sec:identifier": "JVNDB-2016-000202", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN32504719/index.html", "@id": "JVN#32504719", "@source": "JVN" }, { "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4897", "@id": "CVE-2016-4897", "@source": "CVE" }, { "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4897", "@id": "CVE-2016-4897", "@source": "NVD" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Usermin cross-site scripting vulnerabilties" }