All the vulnerabilities related to usermin - usermin
cve-2004-0559
Vulnerability from cvelistv5
Published
2004-09-24 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
References
http://www.webmin.com/uchanges-1.089.html (x_refsource_CONFIRM)
http://www.securityfocus.com/bid/11153 (vdb-entry, x_refsource_BID)
http://secunia.com/advisories/12488/ (third-party-advisory, x_refsource_SECUNIA)
http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml (vendor-advisory, x_refsource_GENTOO)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:25.802Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges-1.089.html"
          },
          {
            "name": "11153",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11153"
          },
          {
            "name": "12488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12488/"
          },
          {
            "name": "GLSA-200409-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
          },
          {
            "name": "usermin-installation-unspecified(17299)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges-1.089.html"
        },
        {
          "name": "11153",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11153"
        },
        {
          "name": "12488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12488/"
        },
        {
          "name": "GLSA-200409-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
        },
        {
          "name": "usermin-installation-unspecified(17299)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0559",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webmin.com/uchanges-1.089.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges-1.089.html"
            },
            {
              "name": "11153",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11153"
            },
            {
              "name": "12488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12488/"
            },
            {
              "name": "GLSA-200409-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
            },
            {
              "name": "usermin-installation-unspecified(17299)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0559",
    "datePublished": "2004-09-24T04:00:00",
    "dateReserved": "2004-06-14T00:00:00",
    "dateUpdated": "2024-08-08T00:24:25.802Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0583
Vulnerability from cvelistv5
Published
2004-06-23 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "10474",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10474"
          },
          {
            "name": "DSA-526",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-526"
          },
          {
            "name": "webmin-username-password-dos(16334)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
          },
          {
            "name": "10523",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10523"
          },
          {
            "name": "MDKSA-2004:074",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
          },
          {
            "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
          },
          {
            "name": "GLSA-200406-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes-1.150.html"
          },
          {
            "name": "GLSA-200406-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "10474",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10474"
        },
        {
          "name": "DSA-526",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-526"
        },
        {
          "name": "webmin-username-password-dos(16334)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
        },
        {
          "name": "10523",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10523"
        },
        {
          "name": "MDKSA-2004:074",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
        },
        {
          "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
        },
        {
          "name": "GLSA-200406-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes-1.150.html"
        },
        {
          "name": "GLSA-200406-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "10474",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10474"
            },
            {
              "name": "DSA-526",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-526"
            },
            {
              "name": "webmin-username-password-dos(16334)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
            },
            {
              "name": "10523",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10523"
            },
            {
              "name": "MDKSA-2004:074",
              "refsource": "MANDRAKE",
              "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
            },
            {
              "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
            },
            {
              "name": "GLSA-200406-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
            },
            {
              "name": "http://www.webmin.com/changes-1.150.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes-1.150.html"
            },
            {
              "name": "GLSA-200406-12",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
            },
            {
              "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0583",
    "datePublished": "2004-06-23T04:00:00",
    "dateReserved": "2004-06-18T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.063Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-1468
Vulnerability from cvelistv5
Published
2005-02-13 05:00
Modified
2024-08-08 00:53
Severity ?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:53:23.804Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "11122",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11122"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
          },
          {
            "name": "12488",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/12488/"
          },
          {
            "name": "GLSA-200409-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
          },
          {
            "name": "usermin-web-mail-command-execution(17293)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-09-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "11122",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11122"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
        },
        {
          "name": "12488",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/12488/"
        },
        {
          "name": "GLSA-200409-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
        },
        {
          "name": "usermin-web-mail-command-execution(17293)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1468",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11122",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11122"
            },
            {
              "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
            },
            {
              "name": "12488",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/12488/"
            },
            {
              "name": "GLSA-200409-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
            },
            {
              "name": "usermin-web-mail-command-execution(17293)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1468",
    "datePublished": "2005-02-13T05:00:00",
    "dateReserved": "2005-02-13T00:00:00",
    "dateUpdated": "2024-08-08T00:53:23.804Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4246
Vulnerability from cvelistv5
Published
2006-09-19 18:00
Modified
2024-08-07 19:06
Severity ?
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:07.026Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21968"
          },
          {
            "name": "21981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21981"
          },
          {
            "name": "18574",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18574"
          },
          {
            "name": "usermin-shell-dos(29010)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges.html"
          },
          {
            "name": "ADV-2006-3668",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3668"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.osreviews.net/reviews/admin/usermin"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
          },
          {
            "name": "DSA-1177",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1177"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "name": "21968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21968"
        },
        {
          "name": "21981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21981"
        },
        {
          "name": "18574",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18574"
        },
        {
          "name": "usermin-shell-dos(29010)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges.html"
        },
        {
          "name": "ADV-2006-3668",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3668"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.osreviews.net/reviews/admin/usermin"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
        },
        {
          "name": "DSA-1177",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1177"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2006-4246",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21968"
            },
            {
              "name": "21981",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21981"
            },
            {
              "name": "18574",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18574"
            },
            {
              "name": "usermin-shell-dos(29010)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
            },
            {
              "name": "http://www.webmin.com/uchanges.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges.html"
            },
            {
              "name": "ADV-2006-3668",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3668"
            },
            {
              "name": "http://www.osreviews.net/reviews/admin/usermin",
              "refsource": "MISC",
              "url": "http://www.osreviews.net/reviews/admin/usermin"
            },
            {
              "name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
            },
            {
              "name": "DSA-1177",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1177"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2006-4246",
    "datePublished": "2006-09-19T18:00:00",
    "dateReserved": "2006-08-21T00:00:00",
    "dateUpdated": "2024-08-07T19:06:07.026Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2004-0588
Vulnerability from cvelistv5
Published
2004-06-23 04:00
Modified
2024-08-08 00:24
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:24:26.181Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-200406-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
          },
          {
            "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
          },
          {
            "name": "10521",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/10521"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
          },
          {
            "name": "usermin-email-xss(16494)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-200406-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
        },
        {
          "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
        },
        {
          "name": "10521",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/10521"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
        },
        {
          "name": "usermin-email-xss(16494)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0588",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200406-15",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
            },
            {
              "name": "20040611 [SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
            },
            {
              "name": "10521",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/10521"
            },
            {
              "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
            },
            {
              "name": "usermin-email-xss(16494)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0588",
    "datePublished": "2004-06-23T04:00:00",
    "dateReserved": "2004-06-21T00:00:00",
    "dateUpdated": "2024-08-08T00:24:26.181Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-3392
Vulnerability from cvelistv5
Published
2006-07-06 20:00
Modified
2024-08-07 18:30
Severity ?
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
References
http://secunia.com/advisories/21365 — third-party-advisory, x_refsource_SECUNIA
http://security.gentoo.org/glsa/glsa-200608-11.xml — vendor-advisory, x_refsource_GENTOO
http://www.webmin.com/changes.html — x_refsource_CONFIRM
http://www.securityfocus.com/archive/1/440125/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/21105 — third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/18744 — vdb-entry, x_refsource_BID
http://www.securityfocus.com/archive/1/440493/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/440466/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.kb.cert.org/vuls/id/999601 — third-party-advisory, x_refsource_CERT-VN
http://www.debian.org/security/2006/dsa-1199 — vendor-advisory, x_refsource_DEBIAN
http://attrition.org/pipermail/vim/2006-June/000912.html — mailing-list, x_refsource_VIM
http://secunia.com/advisories/20892 — third-party-advisory, x_refsource_SECUNIA
http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 — vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2006/2612 — vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/archive/1/439653/100/0/threaded — mailing-list, x_refsource_BUGTRAQ
http://www.osvdb.org/26772 — vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/22556 — third-party-advisory, x_refsource_SECUNIA
http://attrition.org/pipermail/vim/2006-July/000923.html — mailing-list, x_refsource_VIM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:32.634Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "21365",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21365"
          },
          {
            "name": "GLSA-200608-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes.html"
          },
          {
            "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
          },
          {
            "name": "21105",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21105"
          },
          {
            "name": "18744",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/18744"
          },
          {
            "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
          },
          {
            "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
          },
          {
            "name": "VU#999601",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/999601"
          },
          {
            "name": "DSA-1199",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1199"
          },
          {
            "name": "20060630 Webmin traversal - changelog",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
          },
          {
            "name": "20892",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20892"
          },
          {
            "name": "MDKSA-2006:125",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
          },
          {
            "name": "ADV-2006-2612",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2612"
          },
          {
            "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
          },
          {
            "name": "26772",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/26772"
          },
          {
            "name": "22556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22556"
          },
          {
            "name": "20060711 Re: Webmin traversal - changelog",
            "tags": [
              "mailing-list",
              "x_refsource_VIM",
              "x_transferred"
            ],
            "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "21365",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21365"
        },
        {
          "name": "GLSA-200608-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes.html"
        },
        {
          "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
        },
        {
          "name": "21105",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21105"
        },
        {
          "name": "18744",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/18744"
        },
        {
          "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
        },
        {
          "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
        },
        {
          "name": "VU#999601",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/999601"
        },
        {
          "name": "DSA-1199",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1199"
        },
        {
          "name": "20060630 Webmin traversal - changelog",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
        },
        {
          "name": "20892",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20892"
        },
        {
          "name": "MDKSA-2006:125",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
        },
        {
          "name": "ADV-2006-2612",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2612"
        },
        {
          "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
        },
        {
          "name": "26772",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/26772"
        },
        {
          "name": "22556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22556"
        },
        {
          "name": "20060711 Re: Webmin traversal - changelog",
          "tags": [
            "mailing-list",
            "x_refsource_VIM"
          ],
          "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3392",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "21365",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21365"
            },
            {
              "name": "GLSA-200608-11",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
            },
            {
              "name": "http://www.webmin.com/changes.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes.html"
            },
            {
              "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
            },
            {
              "name": "21105",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21105"
            },
            {
              "name": "18744",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/18744"
            },
            {
              "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
            },
            {
              "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
            },
            {
              "name": "VU#999601",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/999601"
            },
            {
              "name": "DSA-1199",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1199"
            },
            {
              "name": "20060630 Webmin traversal - changelog",
              "refsource": "VIM",
              "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
            },
            {
              "name": "20892",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20892"
            },
            {
              "name": "MDKSA-2006:125",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
            },
            {
              "name": "ADV-2006-2612",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2612"
            },
            {
              "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
            },
            {
              "name": "26772",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/26772"
            },
            {
              "name": "22556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22556"
            },
            {
              "name": "20060711 Re: Webmin traversal - changelog",
              "refsource": "VIM",
              "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3392",
    "datePublished": "2006-07-06T20:00:00",
    "dateReserved": "2006-07-06T00:00:00",
    "dateUpdated": "2024-08-07T18:30:32.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0756
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
Severity ?
Summary
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:47.965Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "webmin-usermin-authpage-css(9036)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9036.php"
          },
          {
            "name": "4694",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4694"
          },
          {
            "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-07-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "webmin-usermin-authpage-css(9036)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9036.php"
        },
        {
          "name": "4694",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4694"
        },
        {
          "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0756",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "webmin-usermin-authpage-css(9036)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9036.php"
            },
            {
              "name": "4694",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4694"
            },
            {
              "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0756",
    "datePublished": "2002-07-26T04:00:00",
    "dateReserved": "2002-07-25T00:00:00",
    "dateUpdated": "2024-08-08T03:03:47.965Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2007-1276
Vulnerability from cvelistv5
Published
2007-03-05 20:00
Modified
2024-08-07 12:50
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
References
http://www.webmin.com/security.html - x_refsource_CONFIRM
http://osvdb.org/33832 - vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/24321 - third-party-advisory, x_refsource_SECUNIA
http://www.vupen.com/english/advisories/2007/0780 - vdb-entry, x_refsource_VUPEN
http://www.securitytracker.com/id?1017711 - vdb-entry, x_refsource_SECTRACK
http://www.webmin.com/changes-1.330.html - x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 - vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:34.879Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/security.html"
          },
          {
            "name": "33832",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33832"
          },
          {
            "name": "24321",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24321"
          },
          {
            "name": "ADV-2007-0780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0780"
          },
          {
            "name": "1017711",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1017711"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes-1.330.html"
          },
          {
            "name": "webmin-chooser-xss(32725)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-02-28T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/security.html"
        },
        {
          "name": "33832",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33832"
        },
        {
          "name": "24321",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24321"
        },
        {
          "name": "ADV-2007-0780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0780"
        },
        {
          "name": "1017711",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1017711"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes-1.330.html"
        },
        {
          "name": "webmin-chooser-xss(32725)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1276",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webmin.com/security.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/security.html"
            },
            {
              "name": "33832",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33832"
            },
            {
              "name": "24321",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24321"
            },
            {
              "name": "ADV-2007-0780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0780"
            },
            {
              "name": "1017711",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1017711"
            },
            {
              "name": "http://www.webmin.com/changes-1.330.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes-1.330.html"
            },
            {
              "name": "webmin-chooser-xss(32725)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1276",
    "datePublished": "2007-03-05T20:00:00",
    "dateReserved": "2007-03-05T00:00:00",
    "dateUpdated": "2024-08-07T12:50:34.879Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2006-4542
Vulnerability from cvelistv5
Published
2006-09-05 23:00
Modified
2024-08-07 19:14
Severity ?
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
http://jvn.jp/jp/JVN%2399776858/index.html - third-party-advisory, x_refsource_JVN
http://www.securityfocus.com/bid/19820 - vdb-entry, x_refsource_BID
http://secunia.com/advisories/22114 - third-party-advisory, x_refsource_SECUNIA
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html - x_refsource_MISC
http://www.vupen.com/english/advisories/2006/3424 - vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21690 - third-party-advisory, x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-1199 - vendor-advisory, x_refsource_DEBIAN
http://www.osvdb.org/28338 - vdb-entry, x_refsource_OSVDB
http://secunia.com/advisories/22087 - third-party-advisory, x_refsource_SECUNIA
http://www.osvdb.org/28337 - vdb-entry, x_refsource_OSVDB
http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 - vendor-advisory, x_refsource_MANDRIVA
http://securitytracker.com/id?1016776 - vdb-entry, x_refsource_SECTRACK
http://webmin.com/security.html - x_refsource_CONFIRM
http://secunia.com/advisories/22556 - third-party-advisory, x_refsource_SECUNIA
http://securitytracker.com/id?1016777 - vdb-entry, x_refsource_SECTRACK
https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 - vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:14:47.503Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#99776858",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
          },
          {
            "name": "19820",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19820"
          },
          {
            "name": "22114",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22114"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
          },
          {
            "name": "ADV-2006-3424",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3424"
          },
          {
            "name": "21690",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21690"
          },
          {
            "name": "DSA-1199",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1199"
          },
          {
            "name": "28338",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28338"
          },
          {
            "name": "22087",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22087"
          },
          {
            "name": "28337",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/28337"
          },
          {
            "name": "MDKSA-2006:170",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
          },
          {
            "name": "1016776",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016776"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://webmin.com/security.html"
          },
          {
            "name": "22556",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22556"
          },
          {
            "name": "1016777",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016777"
          },
          {
            "name": "webmin-usermin-source-disclosure(28699)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "JVN#99776858",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
        },
        {
          "name": "19820",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19820"
        },
        {
          "name": "22114",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22114"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
        },
        {
          "name": "ADV-2006-3424",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3424"
        },
        {
          "name": "21690",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21690"
        },
        {
          "name": "DSA-1199",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1199"
        },
        {
          "name": "28338",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28338"
        },
        {
          "name": "22087",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22087"
        },
        {
          "name": "28337",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/28337"
        },
        {
          "name": "MDKSA-2006:170",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
        },
        {
          "name": "1016776",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016776"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://webmin.com/security.html"
        },
        {
          "name": "22556",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22556"
        },
        {
          "name": "1016777",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016777"
        },
        {
          "name": "webmin-usermin-source-disclosure(28699)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-4542",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#99776858",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
            },
            {
              "name": "19820",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19820"
            },
            {
              "name": "22114",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22114"
            },
            {
              "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
            },
            {
              "name": "ADV-2006-3424",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/3424"
            },
            {
              "name": "21690",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21690"
            },
            {
              "name": "DSA-1199",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-1199"
            },
            {
              "name": "28338",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28338"
            },
            {
              "name": "22087",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22087"
            },
            {
              "name": "28337",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/28337"
            },
            {
              "name": "MDKSA-2006:170",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
            },
            {
              "name": "1016776",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016776"
            },
            {
              "name": "http://webmin.com/security.html",
              "refsource": "CONFIRM",
              "url": "http://webmin.com/security.html"
            },
            {
              "name": "22556",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/22556"
            },
            {
              "name": "1016777",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1016777"
            },
            {
              "name": "webmin-usermin-source-disclosure(28699)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-4542",
    "datePublished": "2006-09-05T23:00:00",
    "dateReserved": "2006-09-05T00:00:00",
    "dateUpdated": "2024-08-07T19:14:47.503Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2002-0757
Vulnerability from cvelistv5
Published
2002-07-26 04:00
Modified
2024-08-08 03:03
Severity ?
Summary
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
References
http://www.iss.net/security_center/static/9037.php - vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/4700 - vdb-entry, x_refsource_BID
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php - vendor-advisory, x_refsource_MANDRAKE
http://online.securityfocus.com/archive/1/271466 - mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T03:03:47.946Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "webmin-usermin-sessionid-spoof(9037)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/9037.php"
          },
          {
            "name": "4700",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/4700"
          },
          {
            "name": "MDKSA-2002:033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
          },
          {
            "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://online.securityfocus.com/archive/1/271466"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2002-05-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2002-07-31T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "webmin-usermin-sessionid-spoof(9037)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/9037.php"
        },
        {
          "name": "4700",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/4700"
        },
        {
          "name": "MDKSA-2002:033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
        },
        {
          "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://online.securityfocus.com/archive/1/271466"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2002-0757",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "webmin-usermin-sessionid-spoof(9037)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/9037.php"
            },
            {
              "name": "4700",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/4700"
            },
            {
              "name": "MDKSA-2002:033",
              "refsource": "MANDRAKE",
              "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
            },
            {
              "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://online.securityfocus.com/archive/1/271466"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2002-0757",
    "datePublished": "2002-07-26T04:00:00",
    "dateReserved": "2002-07-25T00:00:00",
    "dateUpdated": "2024-08-08T03:03:47.946Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-3042
Vulnerability from cvelistv5
Published
2005-09-22 04:00
Modified
2024-08-07 22:53
Severity ?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
http://secunia.com/advisories/16858 - third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/17282 - third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml - vendor-advisory, x_refsource_GENTOO
http://www.osvdb.org/19575 - vdb-entry, x_refsource_OSVDB
http://securityreason.com/securityalert/17 - third-party-advisory, x_refsource_SREASON
http://www.securityfocus.com/bid/14889 - vdb-entry, x_refsource_BID
http://www.vupen.com/english/advisories/2005/1791 - vdb-entry, x_refsource_VUPEN
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html - x_refsource_MISC
http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 - vendor-advisory, x_refsource_MANDRIVA
http://www.novell.com/linux/security/advisories/2005_24_sr.html - vendor-advisory, x_refsource_SUSE
http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html - mailing-list, x_refsource_BUGTRAQ
http://www.webmin.com/changes-1.230.html - x_refsource_CONFIRM
http://jvn.jp/jp/JVN%2340940493/index.html - third-party-advisory, x_refsource_JVN
http://www.webmin.com/uchanges-1.160.html - x_refsource_CONFIRM
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T22:53:30.475Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "16858",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/16858"
          },
          {
            "name": "17282",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17282"
          },
          {
            "name": "GLSA-200509-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
          },
          {
            "name": "19575",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/19575"
          },
          {
            "name": "17",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/17"
          },
          {
            "name": "14889",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/14889"
          },
          {
            "name": "ADV-2005-1791",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/1791"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
          },
          {
            "name": "MDKSA-2005:176",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
          },
          {
            "name": "SUSE-SR:2005:024",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
          },
          {
            "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes-1.230.html"
          },
          {
            "name": "JVN#40940493",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges-1.160.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2005-09-29T09:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "16858",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/16858"
        },
        {
          "name": "17282",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17282"
        },
        {
          "name": "GLSA-200509-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
        },
        {
          "name": "19575",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/19575"
        },
        {
          "name": "17",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/17"
        },
        {
          "name": "14889",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/14889"
        },
        {
          "name": "ADV-2005-1791",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/1791"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
        },
        {
          "name": "MDKSA-2005:176",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
        },
        {
          "name": "SUSE-SR:2005:024",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
        },
        {
          "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes-1.230.html"
        },
        {
          "name": "JVN#40940493",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges-1.160.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-3042",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "16858",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/16858"
            },
            {
              "name": "17282",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17282"
            },
            {
              "name": "GLSA-200509-17",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
            },
            {
              "name": "19575",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/19575"
            },
            {
              "name": "17",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/17"
            },
            {
              "name": "14889",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/14889"
            },
            {
              "name": "ADV-2005-1791",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/1791"
            },
            {
              "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
            },
            {
              "name": "MDKSA-2005:176",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
            },
            {
              "name": "SUSE-SR:2005:024",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
            },
            {
              "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
            },
            {
              "name": "http://www.webmin.com/changes-1.230.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes-1.230.html"
            },
            {
              "name": "JVN#40940493",
              "refsource": "JVN",
              "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
            },
            {
              "name": "http://www.webmin.com/uchanges-1.160.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges-1.160.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-3042",
    "datePublished": "2005-09-22T04:00:00",
    "dateReserved": "2005-09-22T00:00:00",
    "dateUpdated": "2024-08-07T22:53:30.475Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2003-0101
Vulnerability from cvelistv5
Published
2003-02-26 05:00
Modified
2024-08-08 01:43
Severity ?
Summary
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T01:43:35.586Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-319",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2003/dsa-319"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
          },
          {
            "name": "20030224 GLSA:  usermin (200302-14)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
          },
          {
            "name": "N-058",
            "tags": [
              "third-party-advisory",
              "government-resource",
              "x_refsource_CIAC",
              "x_transferred"
            ],
            "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
          },
          {
            "name": "8163",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/8163"
          },
          {
            "name": "MDKSA-2003:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
          },
          {
            "name": "HPSBUX0303-250",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
          },
          {
            "name": "8115",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/8115"
          },
          {
            "name": "1006160",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1006160"
          },
          {
            "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
          },
          {
            "name": "ESA-20030225-006",
            "tags": [
              "vendor-advisory",
              "x_refsource_ENGARDE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
          },
          {
            "name": "20030224 Webmin 1.050 - 1.060 remote exploit",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
          },
          {
            "name": "20030602-01-I",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
          },
          {
            "name": "webmin-usermin-root-access(11390)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "http://www.iss.net/security_center/static/11390.php"
          },
          {
            "name": "6915",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/6915"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2003-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-10-17T13:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-319",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2003/dsa-319"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
        },
        {
          "name": "20030224 GLSA:  usermin (200302-14)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
        },
        {
          "name": "N-058",
          "tags": [
            "third-party-advisory",
            "government-resource",
            "x_refsource_CIAC"
          ],
          "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
        },
        {
          "name": "8163",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/8163"
        },
        {
          "name": "MDKSA-2003:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
        },
        {
          "name": "HPSBUX0303-250",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
        },
        {
          "name": "8115",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/8115"
        },
        {
          "name": "1006160",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1006160"
        },
        {
          "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
        },
        {
          "name": "ESA-20030225-006",
          "tags": [
            "vendor-advisory",
            "x_refsource_ENGARDE"
          ],
          "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
        },
        {
          "name": "20030224 Webmin 1.050 - 1.060 remote exploit",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
        },
        {
          "name": "20030602-01-I",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
        },
        {
          "name": "webmin-usermin-root-access(11390)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "http://www.iss.net/security_center/static/11390.php"
        },
        {
          "name": "6915",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/6915"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2003-0101",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-319",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2003/dsa-319"
            },
            {
              "name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html",
              "refsource": "CONFIRM",
              "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
            },
            {
              "name": "20030224 GLSA:  usermin (200302-14)",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
            },
            {
              "name": "N-058",
              "refsource": "CIAC",
              "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
            },
            {
              "name": "8163",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/8163"
            },
            {
              "name": "MDKSA-2003:025",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
            },
            {
              "name": "HPSBUX0303-250",
              "refsource": "HP",
              "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
            },
            {
              "name": "8115",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/8115"
            },
            {
              "name": "1006160",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1006160"
            },
            {
              "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
            },
            {
              "name": "ESA-20030225-006",
              "refsource": "ENGARDE",
              "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
            },
            {
              "name": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2",
              "refsource": "CONFIRM",
              "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
            },
            {
              "name": "20030224 Webmin 1.050 - 1.060 remote exploit",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
            },
            {
              "name": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html",
              "refsource": "MISC",
              "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
            },
            {
              "name": "20030602-01-I",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
            },
            {
              "name": "webmin-usermin-root-access(11390)",
              "refsource": "XF",
              "url": "http://www.iss.net/security_center/static/11390.php"
            },
            {
              "name": "6915",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/6915"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2003-0101",
    "datePublished": "2003-02-26T05:00:00",
    "dateReserved": "2003-02-24T00:00:00",
    "dateUpdated": "2024-08-08T01:43:35.586Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2005-1177
Vulnerability from cvelistv5
Published
2005-04-19 04:00
Modified
2024-08-07 21:44
Severity ?
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
References
http://www.webmin.com/changes.html (x_refsource_CONFIRM)
http://securitytracker.com/id?1013723 (vdb-entry, x_refsource_SECTRACK)
http://www.webmin.com/uchanges.html (x_refsource_CONFIRM)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 (vdb-entry, x_refsource_XF)
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T21:44:05.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/changes.html"
          },
          {
            "name": "1013723",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1013723"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.webmin.com/uchanges.html"
          },
          {
            "name": "webmin-config-file-permissions(20607)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-04-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/changes.html"
        },
        {
          "name": "1013723",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1013723"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.webmin.com/uchanges.html"
        },
        {
          "name": "webmin-config-file-permissions(20607)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-1177",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.webmin.com/changes.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/changes.html"
            },
            {
              "name": "1013723",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1013723"
            },
            {
              "name": "http://www.webmin.com/uchanges.html",
              "refsource": "CONFIRM",
              "url": "http://www.webmin.com/uchanges.html"
            },
            {
              "name": "webmin-config-file-permissions(20607)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-1177",
    "datePublished": "2005-04-19T04:00:00",
    "dateReserved": "2005-04-19T00:00:00",
    "dateUpdated": "2024-08-07T21:44:05.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity: HIGH (CVSS v2.0 base score 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P; NVD primary assessment)
Summary
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.
Impacted products
Vendor Product Version
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.92.1
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations."
    },
    {
      "lang": "es",
      "value": "Webmin 0.96 y Usermin 0.90 con tiempo de espera para contrase\u00f1as habilitado, permite a atacantes locales y posiblemente a remotos, evitar la autenticaci\u00f3n y obtener privilegios mediante ciertos caracteres de control en la informaci\u00f3n de autenticaci\u00f3n, que podr\u00eda forzar a Webmin o Usermin a aceptar combinaciones arbitrarias de usuario/sesi\u00f3n (username/session ID)."
    }
  ],
  "id": "CVE-2002-0757",
  "lastModified": "2024-11-20T23:39:48.003",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/271466"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9037.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4700"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://online.securityfocus.com/archive/1/271466"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9037.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4700"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:56
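Severity: HIGH (CVSS v2.0 base score 10.0, vector AV:N/AC:L/Au:N/C:C/I:C/A:C; NVD primary assessment, although the description gives the impact as unknown)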
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
    }
  ],
  "id": "CVE-2005-1177",
  "lastModified": "2024-11-20T23:56:47.107",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-05-02T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013723"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/id?1013723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P; NVD primary assessment)
Summary
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
Impacted products
Vendor Product Version
usermin usermin 1.070



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo de correo web de Usermin 1.070 permite a atacantes remotos insertar HTML y script de su elecci\u00f3n mediante mensajes de correo electr\u00f3nico."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nUsermin, Usermin, 1.080",
  "id": "CVE-2004-0588",
  "lastModified": "2024-11-20T23:48:55.223",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10521"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/10521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:50
Severity ?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Impacted products
Vendor Product Version
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
webmin webmin 1.0.00
webmin webmin 1.0.20
webmin webmin 1.0.50
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
    }
  ],
  "id": "CVE-2004-1468",
  "lastModified": "2024-11-20T23:50:57.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11122"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/11122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
References
cve@mitre.org http://marc.info/?l=bugtraq&m=108737059313829&w=2
cve@mitre.org http://www.debian.org/security/2004/dsa-526
cve@mitre.org http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
cve@mitre.org http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
cve@mitre.org http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
cve@mitre.org http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
cve@mitre.org http://www.securityfocus.com/bid/10474 (Patch, Vendor Advisory)
cve@mitre.org http://www.securityfocus.com/bid/10523 (Patch, Vendor Advisory)
cve@mitre.org http://www.webmin.com/changes-1.150.html
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/16334
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=bugtraq&m=108737059313829&w=2
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2004/dsa-526
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml
af854a3a-2127-422b-91ae-364da2661108 http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html
af854a3a-2127-422b-91ae-364da2661108 http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/10474 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/10523 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://www.webmin.com/changes-1.150.html
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/16334



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
              "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
              "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
              "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
              "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
              "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
              "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
              "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
              "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
              "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
              "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
              "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
    },
    {
      "lang": "es",
      "value": "La funcionalidad lockout en (1) Webmin 1.140 y (2) Usermin 1.070 no procesa ciertas cadenas de caracteres, lo que permite a atacantes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contrase\u00f1as."
    }
  ],
  "id": "CVE-2004-0583",
  "lastModified": "2024-11-20T23:48:54.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-08-06T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-526"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10474"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10523"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes-1.150.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-526"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10474"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/10523"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes-1.150.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-09-19 18:07
Modified
2024-11-21 00:15
Severity ?
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
References
security@debian.org http://secunia.com/advisories/21968 (Vendor Advisory)
security@debian.org http://secunia.com/advisories/21981 (Patch, Vendor Advisory)
security@debian.org http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894 (Patch)
security@debian.org http://www.debian.org/security/2006/dsa-1177 (Patch)
security@debian.org http://www.osreviews.net/reviews/admin/usermin
security@debian.org http://www.securityfocus.com/bid/18574 (Patch)
security@debian.org http://www.vupen.com/english/advisories/2006/3668
security@debian.org http://www.webmin.com/uchanges.html (Patch)
security@debian.org https://exchange.xforce.ibmcloud.com/vulnerabilities/29010
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21968 (Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/21981 (Patch, Vendor Advisory)
af854a3a-2127-422b-91ae-364da2661108 http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894 (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2006/dsa-1177 (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.osreviews.net/reviews/admin/usermin
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/18574 (Patch)
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2006/3668
af854a3a-2127-422b-91ae-364da2661108 http://www.webmin.com/uchanges.html (Patch)
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/29010



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E",
              "versionEndIncluding": "1.210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
    },
    {
      "lang": "es",
      "value": "Usermin anterior a 1.220 (20060629) permite a atacantes remotos leer ficheros de su elecci\u00f3n, posiblemente relacionado con que chfn/save.cgi no est\u00e1 manejando adecuadamente un par\u00e1metro shell vac\u00edo, lo cual provoca un cambio al shell de root en vez de al shell del usuario especificado."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nWebmin, Usermin, 1.220",
  "id": "CVE-2006-4246",
  "lastModified": "2024-11-21T00:15:29.027",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 3.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-19T18:07:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21968"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21981"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1177"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.osreviews.net/reviews/admin/usermin"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18574"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.vupen.com/english/advisories/2006/3668"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21981"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.debian.org/security/2006/dsa-1177"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osreviews.net/reviews/admin/usermin"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/18574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/3668"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/uchanges.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-05 20:19
Modified
2024-11-21 00:27
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
Impacted products
Vendor Product Version
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
usermin usermin 1.090
usermin usermin 1.100
usermin usermin 1.110
usermin usermin 1.120
usermin usermin 1.130
usermin usermin 1.140
usermin usermin 1.150
usermin usermin 1.210
usermin usermin 1.220
usermin usermin 1.230
usermin usermin 1.240
usermin usermin 1.250
webmin webmin 1.0.00
webmin webmin 1.0.10
webmin webmin 1.0.20
webmin webmin 1.0.30
webmin webmin 1.0.40
webmin webmin 1.0.50
webmin webmin 1.0.51
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.20
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50
webmin webmin 1.2.20
webmin webmin 1.2.30
webmin webmin 1.2.40
webmin webmin 1.2.50
webmin webmin 1.3.20



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.220:*:*:*:*:*:*:*",
              "matchCriteriaId": "278FE0A3-D3F2-4C36-BD87-CE3E349B6D0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.230:*:*:*:*:*:*:*",
              "matchCriteriaId": "5083E992-E844-4101-ADE2-123FAA1E35BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B322237-AA34-4D87-ADB4-7AF4EB01E71E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.250:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F399AAA-68FC-41AF-B701-219D1D5373CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo chooser.cgi en Webmin versiones anteriores a 1.330 y Usermin versiones anteriores a 1.260, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de archivo dise\u00f1ado."
    }
  ],
  "id": "CVE-2007-1276",
  "lastModified": "2024-11-21T00:27:56.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2007-03-05T20:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33832"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24321"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1017711"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0780"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes-1.330.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33832"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1017711"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes-1.330.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2002-08-12 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.
Impacted products
Vendor Product Version
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.92.1
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en la p\u00e1gina de autenticaci\u00f3n de:\r\n\r\n Webmin 0.96\r\n Usermin 0.90\r\n\r\nque permite  a atacantes remotos la inserci\u00f3n de c\u00f3digo en una p\u00e1gina de error y posiblemente el robo de cookies."
    }
  ],
  "id": "CVE-2002-0756",
  "lastModified": "2024-11-20T23:39:47.873",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2002-08-12T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9036.php"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/9036.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/4694"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2005-09-22 10:03
Modified
2024-11-21 00:00
Severity ?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html | Patch, Vendor Advisory
cve@mitre.org | http://jvn.jp/jp/JVN%2340940493/index.html
cve@mitre.org | http://secunia.com/advisories/16858 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/17282
cve@mitre.org | http://securityreason.com/securityalert/17
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html | Patch, Vendor Advisory
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:176
cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_24_sr.html
cve@mitre.org | http://www.osvdb.org/19575
cve@mitre.org | http://www.securityfocus.com/bid/14889
cve@mitre.org | http://www.vupen.com/english/advisories/2005/1791
cve@mitre.org | http://www.webmin.com/changes-1.230.html | Patch
cve@mitre.org | http://www.webmin.com/uchanges-1.160.html
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2340940493/index.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16858 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17282
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/17
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:176
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_24_sr.html
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/19575
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14889
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1791
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.230.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges-1.160.html
Impacted products
Vendor Product Version
usermin usermin 1.150
webmin webmin 1.2.20



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
    }
  ],
  "id": "CVE-2005-3042",
  "lastModified": "2024-11-21T00:00:59.760",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-09-22T10:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16858"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/17282"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/17"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/19575"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/14889"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/1791"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/changes-1.230.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges-1.160.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://jvn.jp/jp/JVN%2340940493/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/16858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/17282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/17"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/19575"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/14889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/1791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.webmin.com/changes-1.230.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges-1.160.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-07-06 20:05
Modified
2024-11-21 00:13
Severity ?
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
References
cve@mitre.org | http://attrition.org/pipermail/vim/2006-July/000923.html
cve@mitre.org | http://attrition.org/pipermail/vim/2006-June/000912.html
cve@mitre.org | http://secunia.com/advisories/20892 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/21105 | Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/21365 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/22556 | Vendor Advisory
cve@mitre.org | http://security.gentoo.org/glsa/glsa-200608-11.xml
cve@mitre.org | http://www.debian.org/security/2006/dsa-1199
cve@mitre.org | http://www.kb.cert.org/vuls/id/999601 | US Government Resource
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
cve@mitre.org | http://www.osvdb.org/26772 | Patch
cve@mitre.org | http://www.securityfocus.com/archive/1/439653/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/archive/1/440125/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/archive/1/440466/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/archive/1/440493/100/0/threaded
cve@mitre.org | http://www.securityfocus.com/bid/18744
cve@mitre.org | http://www.vupen.com/english/advisories/2006/2612 | Vendor Advisory
cve@mitre.org | http://www.webmin.com/changes.html
af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2006-July/000923.html
af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2006-June/000912.html
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20892 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21105 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21365 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200608-11.xml
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/999601 | US Government Resource
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:125
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26772 | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/439653/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440125/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440466/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440493/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18744
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2612 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html
Impacted products
Vendor Product Version
usermin usermin *
webmin webmin *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E",
              "versionEndIncluding": "1.210",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A061012-19EE-4A9E-9AFC-75DF24D316C5",
              "versionEndIncluding": "1.2.80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename.  NOTE: This is a different issue than CVE-2006-3274."
    },
    {
      "lang": "es",
      "value": "Las aplicaciones Webmin antes de su versi\u00f3n 1.290 y Usermin antes de la 1.220 llaman a la funci\u00f3n simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias \"..% 01\", evitando de esta manera la supresi\u00f3n del nombre de fichero de las secuencias \"../\" anteriores a octetos del estilo de \"%01\". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274."
    }
  ],
  "id": "CVE-2006-3392",
  "lastModified": "2024-11-21T00:13:31.093",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-06T20:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20892"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21105"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21365"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/999601"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/26772"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/18744"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2612"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/changes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21365"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/999601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.osvdb.org/26772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/18744"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/2612"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/changes.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2004-10-20 04:00
Modified
2024-11-20 23:48
Severity ?
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
              "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
              "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
    },
    {
      "lang": "es",
      "value": "El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n durante la instalaci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el directorio /tmp/.usermin"
    }
  ],
  "id": "CVE-2004-0559",
  "lastModified": "2024-11-20T23:48:51.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-10-20T04:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11153"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.webmin.com/uchanges-1.089.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/12488/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11153"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.webmin.com/uchanges-1.089.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-09-05 23:04
Modified
2024-11-21 00:16
Severity ?
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
cve@mitre.org | http://jvn.jp/jp/JVN%2399776858/index.html | Patch
cve@mitre.org | http://secunia.com/advisories/21690 | Patch, Vendor Advisory
cve@mitre.org | http://secunia.com/advisories/22087
cve@mitre.org | http://secunia.com/advisories/22114
cve@mitre.org | http://secunia.com/advisories/22556
cve@mitre.org | http://securitytracker.com/id?1016776
cve@mitre.org | http://securitytracker.com/id?1016777
cve@mitre.org | http://webmin.com/security.html | Patch
cve@mitre.org | http://www.debian.org/security/2006/dsa-1199
cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | Patch, Vendor Advisory
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
cve@mitre.org | http://www.osvdb.org/28337
cve@mitre.org | http://www.osvdb.org/28338
cve@mitre.org | http://www.securityfocus.com/bid/19820
cve@mitre.org | http://www.vupen.com/english/advisories/2006/3424 | Vendor Advisory
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2399776858/index.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21690 | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22087
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22114
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016776
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016777
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com/security.html | Patch
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199
af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:170
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28337
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28338
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19820
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3424 | Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28699
Impacted products
Vendor Product Version
usermin usermin *
usermin usermin 0.4
usermin usermin 0.5
usermin usermin 0.6
usermin usermin 0.7
usermin usermin 0.8
usermin usermin 0.9
usermin usermin 0.91
usermin usermin 0.92
usermin usermin 0.93
usermin usermin 0.94
usermin usermin 0.95
usermin usermin 0.96
usermin usermin 0.97
usermin usermin 0.98
usermin usermin 0.99
usermin usermin 1.000
usermin usermin 1.010
usermin usermin 1.020
usermin usermin 1.030
usermin usermin 1.040
usermin usermin 1.051
usermin usermin 1.060
usermin usermin 1.070
usermin usermin 1.080
usermin usermin 1.090
usermin usermin 1.100
usermin usermin 1.110
usermin usermin 1.120
usermin usermin 1.130
usermin usermin 1.140
usermin usermin 1.150
usermin usermin 1.210
webmin webmin *
webmin webmin 0.1
webmin webmin 0.2
webmin webmin 0.3
webmin webmin 0.4
webmin webmin 0.5
webmin webmin 0.6
webmin webmin 0.7
webmin webmin 0.21
webmin webmin 0.22
webmin webmin 0.31
webmin webmin 0.41
webmin webmin 0.42
webmin webmin 0.51
webmin webmin 0.76
webmin webmin 0.77
webmin webmin 0.78
webmin webmin 0.79
webmin webmin 0.80
webmin webmin 0.83
webmin webmin 0.84
webmin webmin 0.85
webmin webmin 0.88
webmin webmin 0.90
webmin webmin 0.91
webmin webmin 0.92
webmin webmin 0.92.1
webmin webmin 0.93
webmin webmin 0.94
webmin webmin 0.95
webmin webmin 0.96
webmin webmin 0.97
webmin webmin 0.98
webmin webmin 0.99
webmin webmin 1.0.00
webmin webmin 1.0.10
webmin webmin 1.0.20
webmin webmin 1.0.30
webmin webmin 1.0.40
webmin webmin 1.0.50
webmin webmin 1.0.51
webmin webmin 1.0.60
webmin webmin 1.0.70
webmin webmin 1.0.80
webmin webmin 1.0.90
webmin webmin 1.1.00
webmin webmin 1.1.10
webmin webmin 1.1.20
webmin webmin 1.1.21
webmin webmin 1.1.30
webmin webmin 1.1.40
webmin webmin 1.1.50
webmin webmin 1.2.20
webmin webmin 1.2.30
webmin webmin 1.2.40
webmin webmin 1.2.50
webmin webmin 1.2.60
webmin webmin 1.2.70
webmin webmin 1.2.80



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "876EE957-11A6-4B93-9EE5-820FD954324F",
              "versionEndIncluding": "1.220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
              "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
              "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
              "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
              "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
              "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
              "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
              "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*",
              "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63F9D04D-D42B-47E1-B63A-BD7C943EB03D",
              "versionEndIncluding": "1.2.90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*",
              "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
              "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
    },
    {
      "lang": "es",
      "value": "Webmin anterior a 1.296 y Usermin anterior a  1.226 no dirigidas adecuadamente una URL con un caracter nulo (\"%00\"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el c\u00f3digo fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nWebmin, Webmin, 1.296\r\nUsermin, Usermin, 1.226",
  "id": "CVE-2006-4542",
  "lastModified": "2024-11-21T00:16:12.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-09-05T23:04:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21690"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22087"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22114"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016776"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1016777"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://webmin.com/security.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28337"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/28338"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19820"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3424"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://jvn.jp/jp/JVN%2399776858/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21690"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22114"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/22556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1016777"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://webmin.com/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-1199"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/28338"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19820"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2006/3424"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
References
cve@mitre.org: ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
cve@mitre.org: http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
cve@mitre.org: http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
cve@mitre.org: http://marc.info/?l=bugtraq&m=104610245624895&w=2
cve@mitre.org: http://marc.info/?l=bugtraq&m=104610300325629&w=2
cve@mitre.org: http://marc.info/?l=bugtraq&m=104610336226274&w=2
cve@mitre.org: http://marc.info/?l=webmin-announce&m=104587858408101&w=2
cve@mitre.org: http://secunia.com/advisories/8115
cve@mitre.org: http://secunia.com/advisories/8163
cve@mitre.org: http://www.ciac.org/ciac/bulletins/n-058.shtml
cve@mitre.org: http://www.debian.org/security/2003/dsa-319
cve@mitre.org: http://www.iss.net/security_center/static/11390.php [Vendor Advisory]
cve@mitre.org: http://www.lac.co.jp/security/english/snsadv_e/62_e.html
cve@mitre.org: http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
cve@mitre.org: http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
cve@mitre.org: http://www.securityfocus.com/bid/6915
cve@mitre.org: http://www.securitytracker.com/id?1006160
af854a3a-2127-422b-91ae-364da2661108: ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I
af854a3a-2127-422b-91ae-364da2661108: http://archives.neohapsis.com/archives/hp/2003-q1/0063.html
af854a3a-2127-422b-91ae-364da2661108: http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html
af854a3a-2127-422b-91ae-364da2661108: http://marc.info/?l=bugtraq&m=104610245624895&w=2
af854a3a-2127-422b-91ae-364da2661108: http://marc.info/?l=bugtraq&m=104610300325629&w=2
af854a3a-2127-422b-91ae-364da2661108: http://marc.info/?l=bugtraq&m=104610336226274&w=2
af854a3a-2127-422b-91ae-364da2661108: http://marc.info/?l=webmin-announce&m=104587858408101&w=2
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/8115
af854a3a-2127-422b-91ae-364da2661108: http://secunia.com/advisories/8163
af854a3a-2127-422b-91ae-364da2661108: http://www.ciac.org/ciac/bulletins/n-058.shtml
af854a3a-2127-422b-91ae-364da2661108: http://www.debian.org/security/2003/dsa-319
af854a3a-2127-422b-91ae-364da2661108: http://www.iss.net/security_center/static/11390.php [Vendor Advisory]
af854a3a-2127-422b-91ae-364da2661108: http://www.lac.co.jp/security/english/snsadv_e/62_e.html
af854a3a-2127-422b-91ae-364da2661108: http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html
af854a3a-2127-422b-91ae-364da2661108: http://www.mandriva.com/security/advisories?name=MDKSA-2003:025
af854a3a-2127-422b-91ae-364da2661108: http://www.securityfocus.com/bid/6915
af854a3a-2127-422b-91ae-364da2661108: http://www.securitytracker.com/id?1006160



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91EB3988-0BFD-4BE8-A170-A99A32222540",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
              "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
              "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges."
    },
    {
      "lang": "es",
      "value": "miniserv.pl en Webmin anterior a 1.070 y Usermin antes de 1.000 no maneja adecuadamente metacaract\u00e9res como avance de l\u00ednea y retorno de carro (CRLF) en cadenas codificadas en Base-64 durante la autenticaci\u00f3n b\u00e1sica, lo que permite a atacantes remotos suplantar un ID de sesi\u00f3n y ganar privilegios de root."
    }
  ],
  "id": "CVE-2003-0101",
  "lastModified": "2024-11-20T23:43:57.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2003-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8115"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/8163"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2003/dsa-319"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11390.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/6915"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1006160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8115"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/8163"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2003/dsa-319"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.iss.net/security_center/static/11390.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/6915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1006160"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

var-200412-0165
Vulnerability from variot

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. The Usermin module that sends and receives email via the web interface contains a vulnerability in which links to other Usermin modules in received HTML email are not properly removed. An arbitrary command may be executed with the authority of the user who received and viewed the email. Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is reported to affect Usermin versions 1.080 and prior. Under certain versions of the Cisco Catalyst a user who already has access to the device can elevate their current access to 'enable' mode without a password. Once 'enable' mode is obtained the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. This can be done either from the console itself or via a remote Telnet session.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0165",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.080"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.070"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.060"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.051"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.040"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.030"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.020"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.010"
      },
      {
        "model": "usermin",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "usermin",
        "version": "1.000"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.50"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.70"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.1.10"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.1.30"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.00"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.80"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.1.50"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.1.00"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.90"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.60"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.1.21"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.0.20"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "webmin",
        "version": "1.1.40"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "2.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.150"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.140"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.130"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.121"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.110"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.100"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.090"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.080"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.070"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.060"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.050"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.020"
      },
      {
        "model": "webmin",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.000"
      },
      {
        "model": "webmin",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "webmin",
        "version": "1.160"
      },
      {
        "model": "usermin",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "usermin",
        "version": "1.090"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "65005.4.1"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "60005.4.1"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "55005.4.1"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "50005.4.1"
      },
      {
        "model": "catalyst",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "40005.4.1"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "11122"
      },
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "This vulnerability was announced by Cisco in a security advisory posted to the Bugtraq mailing list on April 19, 2000.\n\n The Cisco BugID for this issue is:\n\nCSCdr10025",
    "sources": [
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2004-1468",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": true,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2004-1468",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2004-1468",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200412-1201",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2004-1468",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2004-1468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. Usermin Is Web The module that sends and receives emails via the interface is incomplete and received HTML Another in the email Usermin A vulnerability exists that does not properly remove links to modules.An arbitrary command may be executed with the authority of the user who received and viewed the email. Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. \nThis issue is reported to affect Usermin versions 1.080 and prior. Under certain versions of the Cisco Catalyst a user who already has access to the device can elevate their current access to \u0027enable\u0027 mode without a password. Once \u0027enable\u0027 mode is obtained the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. \nThis can be done either from the console itself or via a remote Telnet session",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "db": "BID",
        "id": "11122"
      },
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1468"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "11122",
        "trust": 2.8
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1468",
        "trust": 2.5
      },
      {
        "db": "SECUNIA",
        "id": "12488",
        "trust": 1.7
      },
      {
        "db": "BID",
        "id": "1122",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116",
        "trust": 0.8
      },
      {
        "db": "GENTOO",
        "id": "GLSA-200409-15",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "17293",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2004-1468",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2004-1468"
      },
      {
        "db": "BID",
        "id": "11122"
      },
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "id": "VAR-200412-0165",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.3056849
  },
  "last_update_date": "2023-12-18T12:13:45.454000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "usermin (V2.x/V3.0)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=19"
      },
      {
        "title": "usermin (V2.x)",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=990"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.securityfocus.com/bid/11122"
      },
      {
        "trust": 1.7,
        "url": "http://www.lac.co.jp/security/csl/intelligence/snsadvisory_e/77_e.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/12488/"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1468"
      },
      {
        "trust": 0.8,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1468"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/17293"
      },
      {
        "trust": 0.3,
        "url": "http://www.webmin.com/index6.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/374439"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=8115"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2004-1468"
      },
      {
        "db": "BID",
        "id": "11122"
      },
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2004-1468"
      },
      {
        "db": "BID",
        "id": "11122"
      },
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2004-12-31T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-1468"
      },
      {
        "date": "2004-09-07T00:00:00",
        "db": "BID",
        "id": "11122"
      },
      {
        "date": "2000-04-20T00:00:00",
        "db": "BID",
        "id": "1122"
      },
      {
        "date": "2007-04-01T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "date": "2004-12-31T05:00:00",
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "date": "2004-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2004-1468"
      },
      {
        "date": "2004-09-07T00:00:00",
        "db": "BID",
        "id": "11122"
      },
      {
        "date": "2000-04-20T00:00:00",
        "db": "BID",
        "id": "1122"
      },
      {
        "date": "2007-05-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2004-000116"
      },
      {
        "date": "2017-07-11T01:31:03.577000",
        "db": "NVD",
        "id": "CVE-2004-1468"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "11122"
      },
      {
        "db": "BID",
        "id": "1122"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Catalyst Enable Password Bypass Vulnerability",
    "sources": [
      {
        "db": "BID",
        "id": "1122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ],
    "trust": 0.9
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access verification error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200412-1201"
      }
    ],
    "trust": 0.6
  }
}