Search criteria
42 vulnerabilities found for usermin by usermin
CVE-2015-2079 (GCVE-0-2015-2079)
Vulnerability from cvelistv5 – Published: 2025-04-28 00:00 – Updated: 2025-04-28 15:26
VLAI?
Summary
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
Severity ?
9.9 (Critical)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-2079",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:17:22.192383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:26:11.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Usermin",
"vendor": "Usermin",
"versions": [
{
"lessThan": "1.660",
"status": "affected",
"version": "0.980",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.660",
"versionStartIncluding": "0.980",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T14:45:13.615Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://code-white.com/public-vulnerability-list/"
},
{
"url": "https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2079",
"datePublished": "2025-04-28T00:00:00.000Z",
"dateReserved": "2015-02-24T00:00:00.000Z",
"dateUpdated": "2025-04-28T15:26:11.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1276 (GCVE-0-2007-1276)
Vulnerability from cvelistv5 – Published: 2007-03-05 20:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:34.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/security.html"
},
{
"name": "33832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33832"
},
{
"name": "24321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24321"
},
{
"name": "ADV-2007-0780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"name": "1017711",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"name": "webmin-chooser-xss(32725)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/security.html"
},
{
"name": "33832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33832"
},
{
"name": "24321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24321"
},
{
"name": "ADV-2007-0780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"name": "1017711",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"name": "webmin-chooser-xss(32725)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webmin.com/security.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/security.html"
},
{
"name": "33832",
"refsource": "OSVDB",
"url": "http://osvdb.org/33832"
},
{
"name": "24321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24321"
},
{
"name": "ADV-2007-0780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"name": "1017711",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017711"
},
{
"name": "http://www.webmin.com/changes-1.330.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"name": "webmin-chooser-xss(32725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1276",
"datePublished": "2007-03-05T20:00:00",
"dateReserved": "2007-03-05T00:00:00",
"dateUpdated": "2024-08-07T12:50:34.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4246 (GCVE-0-2006-4246)
Vulnerability from cvelistv5 – Published: 2006-09-19 18:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21968"
},
{
"name": "21981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21981"
},
{
"name": "18574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18574"
},
{
"name": "usermin-shell-dos(29010)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "ADV-2006-3668",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"name": "DSA-1177",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "21968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21968"
},
{
"name": "21981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21981"
},
{
"name": "18574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18574"
},
{
"name": "usermin-shell-dos(29010)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "ADV-2006-3668",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"name": "DSA-1177",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21968"
},
{
"name": "21981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21981"
},
{
"name": "18574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18574"
},
{
"name": "usermin-shell-dos(29010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"name": "http://www.webmin.com/uchanges.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "ADV-2006-3668",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"name": "http://www.osreviews.net/reviews/admin/usermin",
"refsource": "MISC",
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"name": "DSA-1177",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4246",
"datePublished": "2006-09-19T18:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4542 (GCVE-0-2006-4542)
Vulnerability from cvelistv5 – Published: 2006-09-05 23:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99776858",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"name": "19820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19820"
},
{
"name": "22114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"name": "ADV-2006-3424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"name": "21690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21690"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "28338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28338"
},
{
"name": "22087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22087"
},
{
"name": "28337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28337"
},
{
"name": "MDKSA-2006:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"name": "1016776",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016776"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://webmin.com/security.html"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "1016777",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016777"
},
{
"name": "webmin-usermin-source-disclosure(28699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#99776858",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"name": "19820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19820"
},
{
"name": "22114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"name": "ADV-2006-3424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"name": "21690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21690"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "28338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28338"
},
{
"name": "22087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22087"
},
{
"name": "28337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28337"
},
{
"name": "MDKSA-2006:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"name": "1016776",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016776"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://webmin.com/security.html"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "1016777",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016777"
},
{
"name": "webmin-usermin-source-disclosure(28699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99776858",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"name": "19820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19820"
},
{
"name": "22114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22114"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"name": "ADV-2006-3424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"name": "21690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21690"
},
{
"name": "DSA-1199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "28338",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28338"
},
{
"name": "22087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22087"
},
{
"name": "28337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28337"
},
{
"name": "MDKSA-2006:170",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"name": "1016776",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016776"
},
{
"name": "http://webmin.com/security.html",
"refsource": "CONFIRM",
"url": "http://webmin.com/security.html"
},
{
"name": "22556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22556"
},
{
"name": "1016777",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016777"
},
{
"name": "webmin-usermin-source-disclosure(28699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4542",
"datePublished": "2006-09-05T23:00:00",
"dateReserved": "2006-09-05T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3392 (GCVE-0-2006-3392)
Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21365"
},
{
"name": "GLSA-200608-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"name": "21105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21105"
},
{
"name": "18744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18744"
},
{
"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"name": "VU#999601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "20060630 Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"name": "20892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20892"
},
{
"name": "MDKSA-2006:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"name": "ADV-2006-2612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"name": "26772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26772"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "20060711 Re: Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21365"
},
{
"name": "GLSA-200608-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"name": "21105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21105"
},
{
"name": "18744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18744"
},
{
"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"name": "VU#999601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "20060630 Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"name": "20892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20892"
},
{
"name": "MDKSA-2006:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"name": "ADV-2006-2612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"name": "26772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26772"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "20060711 Re: Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21365"
},
{
"name": "GLSA-200608-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"name": "http://www.webmin.com/changes.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes.html"
},
{
"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"name": "21105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21105"
},
{
"name": "18744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18744"
},
{
"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"name": "VU#999601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"name": "DSA-1199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "20060630 Webmin traversal - changelog",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"name": "20892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20892"
},
{
"name": "MDKSA-2006:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"name": "ADV-2006-2612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"name": "26772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26772"
},
{
"name": "22556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22556"
},
{
"name": "20060711 Re: Webmin traversal - changelog",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3392",
"datePublished": "2006-07-06T20:00:00",
"dateReserved": "2006-07-06T00:00:00",
"dateUpdated": "2024-08-07T18:30:32.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3042 (GCVE-0-2005-3042)
Vulnerability from cvelistv5 – Published: 2005-09-22 04:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16858"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "GLSA-200509-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"name": "19575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19575"
},
{
"name": "17",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/17"
},
{
"name": "14889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14889"
},
{
"name": "ADV-2005-1791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"name": "MDKSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges-1.160.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-09-29T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16858"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "GLSA-200509-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"name": "19575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19575"
},
{
"name": "17",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/17"
},
{
"name": "14889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14889"
},
{
"name": "ADV-2005-1791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"name": "MDKSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges-1.160.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16858"
},
{
"name": "17282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17282"
},
{
"name": "GLSA-200509-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"name": "19575",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19575"
},
{
"name": "17",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/17"
},
{
"name": "14889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14889"
},
{
"name": "ADV-2005-1791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"name": "MDKSA-2005:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"name": "SUSE-SR:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"name": "http://www.webmin.com/changes-1.230.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"name": "http://www.webmin.com/uchanges-1.160.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges-1.160.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3042",
"datePublished": "2005-09-22T04:00:00",
"dateReserved": "2005-09-22T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1177 (GCVE-0-2005-1177)
Vulnerability from cvelistv5 – Published: 2005-04-19 04:00 – Updated: 2024-08-07 21:44
VLAI?
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "1013723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "webmin-config-file-permissions(20607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "1013723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "webmin-config-file-permissions(20607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webmin.com/changes.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes.html"
},
{
"name": "1013723",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013723"
},
{
"name": "http://www.webmin.com/uchanges.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "webmin-config-file-permissions(20607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1177",
"datePublished": "2005-04-19T04:00:00",
"dateReserved": "2005-04-19T00:00:00",
"dateUpdated": "2024-08-07T21:44:05.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1468 (GCVE-0-2004-1468)
Vulnerability from cvelistv5 – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-web-mail-command-execution(17293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-web-mail-command-execution(17293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11122"
},
{
"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"name": "12488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-web-mail-command-execution(17293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1468",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0559 (GCVE-0-2004-0559)
Vulnerability from cvelistv5 – Published: 2004-09-24 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"name": "11153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11153"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-installation-unspecified(17299)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"name": "11153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11153"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-installation-unspecified(17299)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webmin.com/uchanges-1.089.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"name": "11153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11153"
},
{
"name": "12488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-installation-unspecified(17299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0559",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-06-14T00:00:00",
"dateUpdated": "2024-08-08T00:24:25.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0583 (GCVE-0-2004-0583)
Vulnerability from cvelistv5 – Published: 2004-06-23 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "10474",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10474"
},
{
"name": "DSA-526",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2004/dsa-526"
},
{
"name": "webmin-username-password-dos(16334)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
},
{
"name": "10523",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10523"
},
{
"name": "MDKSA-2004:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
},
{
"name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
},
{
"name": "GLSA-200406-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes-1.150.html"
},
{
"name": "GLSA-200406-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "10474",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10474"
},
{
"name": "DSA-526",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2004/dsa-526"
},
{
"name": "webmin-username-password-dos(16334)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
},
{
"name": "10523",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10523"
},
{
"name": "MDKSA-2004:074",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
},
{
"name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
},
{
"name": "GLSA-200406-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes-1.150.html"
},
{
"name": "GLSA-200406-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10474"
},
{
"name": "DSA-526",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2004/dsa-526"
},
{
"name": "webmin-username-password-dos(16334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
},
{
"name": "10523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10523"
},
{
"name": "MDKSA-2004:074",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
},
{
"name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
},
{
"name": "GLSA-200406-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"name": "http://www.webmin.com/changes-1.150.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes-1.150.html"
},
{
"name": "GLSA-200406-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
},
{
"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0583",
"datePublished": "2004-06-23T04:00:00",
"dateReserved": "2004-06-18T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2079 (GCVE-0-2015-2079)
Vulnerability from nvd – Published: 2025-04-28 00:00 – Updated: 2025-04-28 15:26
VLAI?
Summary
Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.
Severity ?
9.9 (Critical)
CWE
- CWE-96 - Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection')
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2015-2079",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-28T15:17:22.192383Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T15:26:11.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Usermin",
"vendor": "Usermin",
"versions": [
{
"lessThan": "1.660",
"status": "affected",
"version": "0.980",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.660",
"versionStartIncluding": "0.980",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-96",
"description": "CWE-96 Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-28T14:45:13.615Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://code-white.com/public-vulnerability-list/"
},
{
"url": "https://code-white.com/blog/2015-05-cve-2015-2079-rce-usermin/"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-2079",
"datePublished": "2025-04-28T00:00:00.000Z",
"dateReserved": "2015-02-24T00:00:00.000Z",
"dateUpdated": "2025-04-28T15:26:11.894Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1276 (GCVE-0-2007-1276)
Vulnerability from nvd – Published: 2007-03-05 20:00 – Updated: 2024-08-07 12:50
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:50:34.879Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/security.html"
},
{
"name": "33832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/33832"
},
{
"name": "24321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24321"
},
{
"name": "ADV-2007-0780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"name": "1017711",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017711"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"name": "webmin-chooser-xss(32725)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/security.html"
},
{
"name": "33832",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/33832"
},
{
"name": "24321",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24321"
},
{
"name": "ADV-2007-0780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"name": "1017711",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017711"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"name": "webmin-chooser-xss(32725)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webmin.com/security.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/security.html"
},
{
"name": "33832",
"refsource": "OSVDB",
"url": "http://osvdb.org/33832"
},
{
"name": "24321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24321"
},
{
"name": "ADV-2007-0780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"name": "1017711",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017711"
},
{
"name": "http://www.webmin.com/changes-1.330.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"name": "webmin-chooser-xss(32725)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1276",
"datePublished": "2007-03-05T20:00:00",
"dateReserved": "2007-03-05T00:00:00",
"dateUpdated": "2024-08-07T12:50:34.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4246 (GCVE-0-2006-4246)
Vulnerability from nvd – Published: 2006-09-19 18:00 – Updated: 2024-08-07 19:06
VLAI?
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:06:07.026Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21968"
},
{
"name": "21981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21981"
},
{
"name": "18574",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18574"
},
{
"name": "usermin-shell-dos(29010)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "ADV-2006-3668",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"name": "DSA-1177",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "21968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21968"
},
{
"name": "21981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21981"
},
{
"name": "18574",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18574"
},
{
"name": "usermin-shell-dos(29010)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "ADV-2006-3668",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"name": "DSA-1177",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2006-4246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21968"
},
{
"name": "21981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21981"
},
{
"name": "18574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18574"
},
{
"name": "usermin-shell-dos(29010)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"name": "http://www.webmin.com/uchanges.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "ADV-2006-3668",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"name": "http://www.osreviews.net/reviews/admin/usermin",
"refsource": "MISC",
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"name": "DSA-1177",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2006-4246",
"datePublished": "2006-09-19T18:00:00",
"dateReserved": "2006-08-21T00:00:00",
"dateUpdated": "2024-08-07T19:06:07.026Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4542 (GCVE-0-2006-4542)
Vulnerability from nvd – Published: 2006-09-05 23:00 – Updated: 2024-08-07 19:14
VLAI?
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:14:47.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#99776858",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"name": "19820",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19820"
},
{
"name": "22114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22114"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"name": "ADV-2006-3424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"name": "21690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21690"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "28338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28338"
},
{
"name": "22087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22087"
},
{
"name": "28337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/28337"
},
{
"name": "MDKSA-2006:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"name": "1016776",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016776"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://webmin.com/security.html"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "1016777",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016777"
},
{
"name": "webmin-usermin-source-disclosure(28699)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-08-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "JVN#99776858",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"name": "19820",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19820"
},
{
"name": "22114",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22114"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"name": "ADV-2006-3424",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"name": "21690",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21690"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "28338",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28338"
},
{
"name": "22087",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22087"
},
{
"name": "28337",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/28337"
},
{
"name": "MDKSA-2006:170",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"name": "1016776",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016776"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://webmin.com/security.html"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "1016777",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016777"
},
{
"name": "webmin-usermin-source-disclosure(28699)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#99776858",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"name": "19820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19820"
},
{
"name": "22114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22114"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"name": "ADV-2006-3424",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"name": "21690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21690"
},
{
"name": "DSA-1199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "28338",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28338"
},
{
"name": "22087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22087"
},
{
"name": "28337",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/28337"
},
{
"name": "MDKSA-2006:170",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"name": "1016776",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016776"
},
{
"name": "http://webmin.com/security.html",
"refsource": "CONFIRM",
"url": "http://webmin.com/security.html"
},
{
"name": "22556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22556"
},
{
"name": "1016777",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016777"
},
{
"name": "webmin-usermin-source-disclosure(28699)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4542",
"datePublished": "2006-09-05T23:00:00",
"dateReserved": "2006-09-05T00:00:00",
"dateUpdated": "2024-08-07T19:14:47.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-3392 (GCVE-0-2006-3392)
Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:30
VLAI?
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:30:32.634Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21365"
},
{
"name": "GLSA-200608-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"name": "21105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21105"
},
{
"name": "18744",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18744"
},
{
"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"name": "VU#999601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "20060630 Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"name": "20892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20892"
},
{
"name": "MDKSA-2006:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"name": "ADV-2006-2612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"name": "26772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/26772"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "20060711 Re: Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM",
"x_transferred"
],
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21365",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21365"
},
{
"name": "GLSA-200608-11",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"name": "21105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21105"
},
{
"name": "18744",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18744"
},
{
"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"name": "VU#999601",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"name": "DSA-1199",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "20060630 Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"name": "20892",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20892"
},
{
"name": "MDKSA-2006:125",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"name": "ADV-2006-2612",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"name": "26772",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/26772"
},
{
"name": "22556",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22556"
},
{
"name": "20060711 Re: Webmin traversal - changelog",
"tags": [
"mailing-list",
"x_refsource_VIM"
],
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-3392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21365",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21365"
},
{
"name": "GLSA-200608-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"name": "http://www.webmin.com/changes.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes.html"
},
{
"name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"name": "21105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21105"
},
{
"name": "18744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18744"
},
{
"name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"name": "VU#999601",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"name": "DSA-1199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"name": "20060630 Webmin traversal - changelog",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"name": "20892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20892"
},
{
"name": "MDKSA-2006:125",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"name": "ADV-2006-2612",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"name": "26772",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/26772"
},
{
"name": "22556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22556"
},
{
"name": "20060711 Re: Webmin traversal - changelog",
"refsource": "VIM",
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-3392",
"datePublished": "2006-07-06T20:00:00",
"dateReserved": "2006-07-06T00:00:00",
"dateUpdated": "2024-08-07T18:30:32.634Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3042 (GCVE-0-2005-3042)
Vulnerability from nvd – Published: 2005-09-22 04:00 – Updated: 2024-08-07 22:53
VLAI?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.475Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "16858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16858"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "GLSA-200509-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"name": "19575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19575"
},
{
"name": "17",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/17"
},
{
"name": "14889",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14889"
},
{
"name": "ADV-2005-1791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"name": "MDKSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges-1.160.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-09-29T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "16858",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16858"
},
{
"name": "17282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17282"
},
{
"name": "GLSA-200509-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"name": "19575",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19575"
},
{
"name": "17",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/17"
},
{
"name": "14889",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14889"
},
{
"name": "ADV-2005-1791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"name": "MDKSA-2005:176",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"name": "SUSE-SR:2005:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges-1.160.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16858",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16858"
},
{
"name": "17282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17282"
},
{
"name": "GLSA-200509-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"name": "19575",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19575"
},
{
"name": "17",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/17"
},
{
"name": "14889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14889"
},
{
"name": "ADV-2005-1791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"name": "MDKSA-2005:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"name": "SUSE-SR:2005:024",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"name": "http://www.webmin.com/changes-1.230.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"name": "JVN#40940493",
"refsource": "JVN",
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"name": "http://www.webmin.com/uchanges-1.160.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges-1.160.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3042",
"datePublished": "2005-09-22T04:00:00",
"dateReserved": "2005-09-22T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-1177 (GCVE-0-2005-1177)
Vulnerability from nvd – Published: 2005-04-19 04:00 – Updated: 2024-08-07 21:44
VLAI?
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:44:05.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "1013723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1013723"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "webmin-config-file-permissions(20607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/changes.html"
},
{
"name": "1013723",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1013723"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "webmin-config-file-permissions(20607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webmin.com/changes.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/changes.html"
},
{
"name": "1013723",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013723"
},
{
"name": "http://www.webmin.com/uchanges.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges.html"
},
{
"name": "webmin-config-file-permissions(20607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1177",
"datePublished": "2005-04-19T04:00:00",
"dateReserved": "2005-04-19T00:00:00",
"dateUpdated": "2024-08-07T21:44:05.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1468 (GCVE-0-2004-1468)
Vulnerability from nvd – Published: 2005-02-13 05:00 – Updated: 2024-08-08 00:53
VLAI?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:53:23.804Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11122"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-web-mail-command-execution(17293)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11122"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-web-mail-command-execution(17293)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11122"
},
{
"name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html",
"refsource": "MISC",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"name": "12488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-web-mail-command-execution(17293)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1468",
"datePublished": "2005-02-13T05:00:00",
"dateReserved": "2005-02-13T00:00:00",
"dateUpdated": "2024-08-08T00:53:23.804Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0559 (GCVE-0-2004-0559)
Vulnerability from nvd – Published: 2004-09-24 04:00 – Updated: 2024-08-08 00:24
VLAI?
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:25.802Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"name": "11153",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11153"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-installation-unspecified(17299)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"name": "11153",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11153"
},
{
"name": "12488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-installation-unspecified(17299)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.webmin.com/uchanges-1.089.html",
"refsource": "CONFIRM",
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"name": "11153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11153"
},
{
"name": "12488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12488/"
},
{
"name": "GLSA-200409-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"name": "usermin-installation-unspecified(17299)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0559",
"datePublished": "2004-09-24T04:00:00",
"dateReserved": "2004-06-14T00:00:00",
"dateUpdated": "2024-08-08T00:24:25.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-200412-0165
Vulnerability from variot - Updated: 2023-12-18 12:13The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. Usermin Is Web The module that sends and receives emails via the interface is incomplete and received HTML Another in the email Usermin A vulnerability exists that does not properly remove links to modules.An arbitrary command may be executed with the authority of the user who received and viewed the email. Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is reported to affect Usermin versions 1.080 and prior. Under certain versions of the Cisco Catalyst a user who already has access to the device can elevate their current access to 'enable' mode without a password. Once 'enable' mode is obtained the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. This can be done either from the console itself or via a remote Telnet session
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0165",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.080"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.070"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.060"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.051"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.040"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.030"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.020"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.010"
},
{
"model": "usermin",
"scope": "eq",
"trust": 1.9,
"vendor": "usermin",
"version": "1.000"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.50"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.70"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.1.10"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.1.30"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.00"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.80"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.1.50"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.1.00"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.90"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.60"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.1.21"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.0.20"
},
{
"model": "webmin",
"scope": "eq",
"trust": 1.0,
"vendor": "webmin",
"version": "1.1.40"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.0"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "2.1"
},
{
"model": "asianux server",
"scope": "eq",
"trust": 0.8,
"vendor": "cybertrust",
"version": "3.0"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.150"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.140"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.130"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.121"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.110"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.100"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.090"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.080"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.070"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.060"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.050"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.020"
},
{
"model": "webmin",
"scope": "eq",
"trust": 0.3,
"vendor": "webmin",
"version": "1.000"
},
{
"model": "webmin",
"scope": "ne",
"trust": 0.3,
"vendor": "webmin",
"version": "1.160"
},
{
"model": "usermin",
"scope": "ne",
"trust": 0.3,
"vendor": "usermin",
"version": "1.090"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "65005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "60005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "55005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "50005.4.1"
},
{
"model": "catalyst",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "40005.4.1"
}
],
"sources": [
{
"db": "BID",
"id": "11122"
},
{
"db": "BID",
"id": "1122"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1468"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced by Cisco in a security advisory posted to the Bugtraq mailing list on April 19, 2000.\n\n The Cisco BugID for this issue is:\n\nCSCdr10025",
"sources": [
{
"db": "BID",
"id": "1122"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
],
"trust": 0.9
},
"cve": "CVE-2004-1468",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2004-1468",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1468",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-1201",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2004-1468",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-1468"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. Usermin Is Web The module that sends and receives emails via the interface is incomplete and received HTML Another in the email Usermin A vulnerability exists that does not properly remove links to modules.An arbitrary command may be executed with the authority of the user who received and viewed the email. Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. \nThis issue is reported to affect Usermin versions 1.080 and prior. Under certain versions of the Cisco Catalyst a user who already has access to the device can elevate their current access to \u0027enable\u0027 mode without a password. Once \u0027enable\u0027 mode is obtained the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. \nThis can be done either from the console itself or via a remote Telnet session",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"db": "BID",
"id": "11122"
},
{
"db": "BID",
"id": "1122"
},
{
"db": "VULMON",
"id": "CVE-2004-1468"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "11122",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2004-1468",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "12488",
"trust": 1.7
},
{
"db": "BID",
"id": "1122",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116",
"trust": 0.8
},
{
"db": "GENTOO",
"id": "GLSA-200409-15",
"trust": 0.6
},
{
"db": "XF",
"id": "17293",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2004-1468",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-1468"
},
{
"db": "BID",
"id": "11122"
},
{
"db": "BID",
"id": "1122"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"id": "VAR-200412-0165",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3056849
},
"last_update_date": "2023-12-18T12:13:45.454000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "usermin (V2.x/V3.0)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=19"
},
{
"title": "usermin (V2.x)",
"trust": 0.8,
"url": "http://www.miraclelinux.com/support/update/list.php?errata_id=990"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1468"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/11122"
},
{
"trust": 1.7,
"url": "http://www.lac.co.jp/security/csl/intelligence/snsadvisory_e/77_e.html"
},
{
"trust": 1.7,
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12488/"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1468"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1468"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17293"
},
{
"trust": 0.3,
"url": "http://www.webmin.com/index6.html"
},
{
"trust": 0.3,
"url": "/archive/1/374439"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=8115"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2004-1468"
},
{
"db": "BID",
"id": "11122"
},
{
"db": "BID",
"id": "1122"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2004-1468"
},
{
"db": "BID",
"id": "11122"
},
{
"db": "BID",
"id": "1122"
},
{
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1468"
},
{
"date": "2004-09-07T00:00:00",
"db": "BID",
"id": "11122"
},
{
"date": "2000-04-20T00:00:00",
"db": "BID",
"id": "1122"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULMON",
"id": "CVE-2004-1468"
},
{
"date": "2004-09-07T00:00:00",
"db": "BID",
"id": "11122"
},
{
"date": "2000-04-20T00:00:00",
"db": "BID",
"id": "1122"
},
{
"date": "2007-05-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2004-000116"
},
{
"date": "2017-07-11T01:31:03.577000",
"db": "NVD",
"id": "CVE-2004-1468"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "11122"
},
{
"db": "BID",
"id": "1122"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Catalyst Enable Password Bypass Vulnerability",
"sources": [
{
"db": "BID",
"id": "1122"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1201"
}
],
"trust": 0.6
}
}
FKIE_CVE-2007-1276
Vulnerability from fkie_nvd - Published: 2007-03-05 20:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://osvdb.org/33832 | ||
| cve@mitre.org | http://secunia.com/advisories/24321 | Vendor Advisory | |
| cve@mitre.org | http://www.securitytracker.com/id?1017711 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2007/0780 | Vendor Advisory | |
| cve@mitre.org | http://www.webmin.com/changes-1.330.html | ||
| cve@mitre.org | http://www.webmin.com/security.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/33832 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/24321 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1017711 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2007/0780 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.330.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | 1.000 | |
| usermin | usermin | 1.010 | |
| usermin | usermin | 1.020 | |
| usermin | usermin | 1.030 | |
| usermin | usermin | 1.040 | |
| usermin | usermin | 1.051 | |
| usermin | usermin | 1.060 | |
| usermin | usermin | 1.070 | |
| usermin | usermin | 1.080 | |
| usermin | usermin | 1.090 | |
| usermin | usermin | 1.100 | |
| usermin | usermin | 1.110 | |
| usermin | usermin | 1.120 | |
| usermin | usermin | 1.130 | |
| usermin | usermin | 1.140 | |
| usermin | usermin | 1.150 | |
| usermin | usermin | 1.210 | |
| usermin | usermin | 1.220 | |
| usermin | usermin | 1.230 | |
| usermin | usermin | 1.240 | |
| usermin | usermin | 1.250 | |
| webmin | webmin | 1.0.00 | |
| webmin | webmin | 1.0.10 | |
| webmin | webmin | 1.0.20 | |
| webmin | webmin | 1.0.30 | |
| webmin | webmin | 1.0.40 | |
| webmin | webmin | 1.0.50 | |
| webmin | webmin | 1.0.51 | |
| webmin | webmin | 1.0.60 | |
| webmin | webmin | 1.0.70 | |
| webmin | webmin | 1.0.80 | |
| webmin | webmin | 1.0.90 | |
| webmin | webmin | 1.1.00 | |
| webmin | webmin | 1.1.10 | |
| webmin | webmin | 1.1.20 | |
| webmin | webmin | 1.1.21 | |
| webmin | webmin | 1.1.30 | |
| webmin | webmin | 1.1.40 | |
| webmin | webmin | 1.1.50 | |
| webmin | webmin | 1.2.20 | |
| webmin | webmin | 1.2.30 | |
| webmin | webmin | 1.2.40 | |
| webmin | webmin | 1.2.50 | |
| webmin | webmin | 1.3.20 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
"matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
"matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
"matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
"matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
"matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*",
"matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.220:*:*:*:*:*:*:*",
"matchCriteriaId": "278FE0A3-D3F2-4C36-BD87-CE3E349B6D0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.230:*:*:*:*:*:*:*",
"matchCriteriaId": "5083E992-E844-4101-ADE2-123FAA1E35BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.240:*:*:*:*:*:*:*",
"matchCriteriaId": "0B322237-AA34-4D87-ADB4-7AF4EB01E71E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.250:*:*:*:*:*:*:*",
"matchCriteriaId": "4F399AAA-68FC-41AF-B701-219D1D5373CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo chooser.cgi en Webmin versiones anteriores a 1.330 y Usermin versiones anteriores a 1.260, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de archivo dise\u00f1ado."
}
],
"id": "CVE-2007-1276",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-05T20:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/33832"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24321"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017711"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/security.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/33832"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017711"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/changes-1.330.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4246
Vulnerability from fkie_nvd - Published: 2006-09-19 18:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | http://secunia.com/advisories/21968 | Vendor Advisory | |
| security@debian.org | http://secunia.com/advisories/21981 | Patch, Vendor Advisory | |
| security@debian.org | http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894 | Patch | |
| security@debian.org | http://www.debian.org/security/2006/dsa-1177 | Patch | |
| security@debian.org | http://www.osreviews.net/reviews/admin/usermin | ||
| security@debian.org | http://www.securityfocus.com/bid/18574 | Patch | |
| security@debian.org | http://www.vupen.com/english/advisories/2006/3668 | ||
| security@debian.org | http://www.webmin.com/uchanges.html | Patch | |
| security@debian.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/29010 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21968 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21981 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/tracker/index.php?func=detail&aid=1509145&group_id=17457&atid=485894 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1177 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osreviews.net/reviews/admin/usermin | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18574 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3668 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/29010 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | * | |
| usermin | usermin | 0.4 | |
| usermin | usermin | 0.5 | |
| usermin | usermin | 0.6 | |
| usermin | usermin | 0.7 | |
| usermin | usermin | 0.8 | |
| usermin | usermin | 0.9 | |
| usermin | usermin | 0.91 | |
| usermin | usermin | 0.92 | |
| usermin | usermin | 0.93 | |
| usermin | usermin | 0.94 | |
| usermin | usermin | 0.95 | |
| usermin | usermin | 0.96 | |
| usermin | usermin | 0.97 | |
| usermin | usermin | 0.98 | |
| usermin | usermin | 0.99 | |
| usermin | usermin | 1.000 | |
| usermin | usermin | 1.010 | |
| usermin | usermin | 1.020 | |
| usermin | usermin | 1.030 | |
| usermin | usermin | 1.040 | |
| usermin | usermin | 1.051 | |
| usermin | usermin | 1.060 | |
| usermin | usermin | 1.070 | |
| usermin | usermin | 1.080 | |
| usermin | usermin | 1.090 | |
| usermin | usermin | 1.100 | |
| usermin | usermin | 1.110 | |
| usermin | usermin | 1.120 | |
| usermin | usermin | 1.130 | |
| usermin | usermin | 1.140 | |
| usermin | usermin | 1.150 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E",
"versionEndIncluding": "1.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
"matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
"matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
"matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
"matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
"matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root\u0027s shell instead of the shell of a specified user."
},
{
"lang": "es",
"value": "Usermin anterior a 1.220 (20060629) permite a atacantes remotos leer ficheros de su elecci\u00f3n, posiblemente relacionado con que chfn/save.cgi no est\u00e1 manejando adecuadamente un par\u00e1metro shell vac\u00edo, lo cual provoca un cambio al shell de root en vez de al shell del usuario especificado."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nWebmin, Usermin, 1.220",
"id": "CVE-2006-4246",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-19T18:07:00.000",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21968"
},
{
"source": "security@debian.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21981"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2006/dsa-1177"
},
{
"source": "security@debian.org",
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18574"
},
{
"source": "security@debian.org",
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"source": "security@debian.org",
"tags": [
"Patch"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"source": "security@debian.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21981"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/tracker/index.php?func=detail\u0026aid=1509145\u0026group_id=17457\u0026atid=485894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.debian.org/security/2006/dsa-1177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osreviews.net/reviews/admin/usermin"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/18574"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3668"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.webmin.com/uchanges.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29010"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4542
Vulnerability from fkie_nvd - Published: 2006-09-05 23:04 - Updated: 2025-04-03 01:03
Severity ?
Summary
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://jvn.jp/jp/JVN%2399776858/index.html | Patch | |
| cve@mitre.org | http://secunia.com/advisories/21690 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/22087 | ||
| cve@mitre.org | http://secunia.com/advisories/22114 | ||
| cve@mitre.org | http://secunia.com/advisories/22556 | ||
| cve@mitre.org | http://securitytracker.com/id?1016776 | ||
| cve@mitre.org | http://securitytracker.com/id?1016777 | ||
| cve@mitre.org | http://webmin.com/security.html | Patch | |
| cve@mitre.org | http://www.debian.org/security/2006/dsa-1199 | ||
| cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 | ||
| cve@mitre.org | http://www.osvdb.org/28337 | ||
| cve@mitre.org | http://www.osvdb.org/28338 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/19820 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/3424 | Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2399776858/index.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21690 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22087 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22114 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016776 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1016777 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com/security.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28337 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/28338 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/19820 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/3424 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/28699 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | * | |
| usermin | usermin | 0.4 | |
| usermin | usermin | 0.5 | |
| usermin | usermin | 0.6 | |
| usermin | usermin | 0.7 | |
| usermin | usermin | 0.8 | |
| usermin | usermin | 0.9 | |
| usermin | usermin | 0.91 | |
| usermin | usermin | 0.92 | |
| usermin | usermin | 0.93 | |
| usermin | usermin | 0.94 | |
| usermin | usermin | 0.95 | |
| usermin | usermin | 0.96 | |
| usermin | usermin | 0.97 | |
| usermin | usermin | 0.98 | |
| usermin | usermin | 0.99 | |
| usermin | usermin | 1.000 | |
| usermin | usermin | 1.010 | |
| usermin | usermin | 1.020 | |
| usermin | usermin | 1.030 | |
| usermin | usermin | 1.040 | |
| usermin | usermin | 1.051 | |
| usermin | usermin | 1.060 | |
| usermin | usermin | 1.070 | |
| usermin | usermin | 1.080 | |
| usermin | usermin | 1.090 | |
| usermin | usermin | 1.100 | |
| usermin | usermin | 1.110 | |
| usermin | usermin | 1.120 | |
| usermin | usermin | 1.130 | |
| usermin | usermin | 1.140 | |
| usermin | usermin | 1.150 | |
| usermin | usermin | 1.210 | |
| webmin | webmin | * | |
| webmin | webmin | 0.1 | |
| webmin | webmin | 0.2 | |
| webmin | webmin | 0.3 | |
| webmin | webmin | 0.4 | |
| webmin | webmin | 0.5 | |
| webmin | webmin | 0.6 | |
| webmin | webmin | 0.7 | |
| webmin | webmin | 0.21 | |
| webmin | webmin | 0.22 | |
| webmin | webmin | 0.31 | |
| webmin | webmin | 0.41 | |
| webmin | webmin | 0.42 | |
| webmin | webmin | 0.51 | |
| webmin | webmin | 0.76 | |
| webmin | webmin | 0.77 | |
| webmin | webmin | 0.78 | |
| webmin | webmin | 0.79 | |
| webmin | webmin | 0.80 | |
| webmin | webmin | 0.83 | |
| webmin | webmin | 0.84 | |
| webmin | webmin | 0.85 | |
| webmin | webmin | 0.88 | |
| webmin | webmin | 0.90 | |
| webmin | webmin | 0.91 | |
| webmin | webmin | 0.92 | |
| webmin | webmin | 0.92.1 | |
| webmin | webmin | 0.93 | |
| webmin | webmin | 0.94 | |
| webmin | webmin | 0.95 | |
| webmin | webmin | 0.96 | |
| webmin | webmin | 0.97 | |
| webmin | webmin | 0.98 | |
| webmin | webmin | 0.99 | |
| webmin | webmin | 1.0.00 | |
| webmin | webmin | 1.0.10 | |
| webmin | webmin | 1.0.20 | |
| webmin | webmin | 1.0.30 | |
| webmin | webmin | 1.0.40 | |
| webmin | webmin | 1.0.50 | |
| webmin | webmin | 1.0.51 | |
| webmin | webmin | 1.0.60 | |
| webmin | webmin | 1.0.70 | |
| webmin | webmin | 1.0.80 | |
| webmin | webmin | 1.0.90 | |
| webmin | webmin | 1.1.00 | |
| webmin | webmin | 1.1.10 | |
| webmin | webmin | 1.1.20 | |
| webmin | webmin | 1.1.21 | |
| webmin | webmin | 1.1.30 | |
| webmin | webmin | 1.1.40 | |
| webmin | webmin | 1.1.50 | |
| webmin | webmin | 1.2.20 | |
| webmin | webmin | 1.2.30 | |
| webmin | webmin | 1.2.40 | |
| webmin | webmin | 1.2.50 | |
| webmin | webmin | 1.2.60 | |
| webmin | webmin | 1.2.70 | |
| webmin | webmin | 1.2.80 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "876EE957-11A6-4B93-9EE5-820FD954324F",
"versionEndIncluding": "1.220",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
"matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
"matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
"matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
"matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
"matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*",
"matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "63F9D04D-D42B-47E1-B63A-BD7C943EB03D",
"versionEndIncluding": "1.2.90",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*",
"matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*",
"matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*",
"matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*",
"matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*",
"matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs."
},
{
"lang": "es",
"value": "Webmin anterior a 1.296 y Usermin anterior a 1.226 no dirigidas adecuadamente una URL con un caracter nulo (\"%00\"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el c\u00f3digo fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nWebmin, Webmin, 1.296\r\nUsermin, Usermin, 1.226",
"id": "CVE-2006-4542",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-05T23:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21690"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22087"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22114"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22556"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016776"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016777"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://webmin.com/security.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28337"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/28338"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19820"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://jvn.jp/jp/JVN%2399776858/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21690"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22114"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016777"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://webmin.com/security.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/28338"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19820"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/3424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-3392
Vulnerability from fkie_nvd - Published: 2006-07-06 20:05 - Updated: 2025-04-03 01:03
Severity ?
Summary
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://attrition.org/pipermail/vim/2006-July/000923.html | ||
| cve@mitre.org | http://attrition.org/pipermail/vim/2006-June/000912.html | ||
| cve@mitre.org | http://secunia.com/advisories/20892 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/21105 | Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/21365 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/22556 | Vendor Advisory | |
| cve@mitre.org | http://security.gentoo.org/glsa/glsa-200608-11.xml | ||
| cve@mitre.org | http://www.debian.org/security/2006/dsa-1199 | ||
| cve@mitre.org | http://www.kb.cert.org/vuls/id/999601 | US Government Resource | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 | ||
| cve@mitre.org | http://www.osvdb.org/26772 | Patch | |
| cve@mitre.org | http://www.securityfocus.com/archive/1/439653/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/440125/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/440466/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/archive/1/440493/100/0/threaded | ||
| cve@mitre.org | http://www.securityfocus.com/bid/18744 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2006/2612 | Vendor Advisory | |
| cve@mitre.org | http://www.webmin.com/changes.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2006-July/000923.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://attrition.org/pipermail/vim/2006-June/000912.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20892 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21105 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/21365 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/22556 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200608-11.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-1199 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/999601 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2006:125 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/26772 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/439653/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440125/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440466/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/440493/100/0/threaded | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/18744 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2612 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E",
"versionEndIncluding": "1.210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3A061012-19EE-4A9E-9AFC-75DF24D316C5",
"versionEndIncluding": "1.2.80",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274."
},
{
"lang": "es",
"value": "Las aplicaciones Webmin antes de su versi\u00f3n 1.290 y Usermin antes de la 1.220 llaman a la funci\u00f3n simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias \"..% 01\", evitando de esta manera la supresi\u00f3n del nombre de fichero de las secuencias \"../\" anteriores a octetos del estilo de \"%01\". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274."
}
],
"id": "CVE-2006-3392",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-07-06T20:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
},
{
"source": "cve@mitre.org",
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20892"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21105"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21365"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22556"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/26772"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/18744"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/changes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://attrition.org/pipermail/vim/2006-July/000923.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://attrition.org/pipermail/vim/2006-June/000912.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20892"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21105"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/22556"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200608-11.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/999601"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/26772"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/18744"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/2612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/changes.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-3042
Vulnerability from fkie_nvd - Published: 2005-09-22 10:03 - Updated: 2025-04-03 01:03
Severity ?
Summary
miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://jvn.jp/jp/JVN%2340940493/index.html | ||
| cve@mitre.org | http://secunia.com/advisories/16858 | Patch, Vendor Advisory | |
| cve@mitre.org | http://secunia.com/advisories/17282 | ||
| cve@mitre.org | http://securityreason.com/securityalert/17 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml | ||
| cve@mitre.org | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 | ||
| cve@mitre.org | http://www.novell.com/linux/security/advisories/2005_24_sr.html | ||
| cve@mitre.org | http://www.osvdb.org/19575 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/14889 | ||
| cve@mitre.org | http://www.vupen.com/english/advisories/2005/1791 | ||
| cve@mitre.org | http://www.webmin.com/changes-1.230.html | Patch | |
| cve@mitre.org | http://www.webmin.com/uchanges-1.160.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/jp/JVN%2340940493/index.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/16858 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17282 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/17 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_24_sr.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/19575 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/14889 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/1791 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.230.html | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges-1.160.html |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*",
"matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)."
}
],
"id": "CVE-2005-3042",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-22T10:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"source": "cve@mitre.org",
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16858"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17282"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/17"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19575"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14889"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/uchanges-1.160.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/jp/JVN%2340940493/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/16858"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19575"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14889"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1791"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.webmin.com/changes-1.230.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/uchanges-1.160.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2005-1177
Vulnerability from fkie_nvd - Published: 2005-05-02 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://securitytracker.com/id?1013723 | Patch | |
| cve@mitre.org | http://www.webmin.com/changes.html | ||
| cve@mitre.org | http://www.webmin.com/uchanges.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1013723 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | 0.4 | |
| usermin | usermin | 0.5 | |
| usermin | usermin | 0.6 | |
| usermin | usermin | 0.7 | |
| usermin | usermin | 0.8 | |
| usermin | usermin | 0.9 | |
| usermin | usermin | 0.91 | |
| usermin | usermin | 0.92 | |
| usermin | usermin | 0.93 | |
| usermin | usermin | 0.94 | |
| usermin | usermin | 0.95 | |
| usermin | usermin | 0.96 | |
| usermin | usermin | 0.97 | |
| usermin | usermin | 0.98 | |
| usermin | usermin | 0.99 | |
| usermin | usermin | 1.000 | |
| usermin | usermin | 1.010 | |
| usermin | usermin | 1.020 | |
| usermin | usermin | 1.030 | |
| usermin | usermin | 1.040 | |
| usermin | usermin | 1.051 | |
| usermin | usermin | 1.060 | |
| usermin | usermin | 1.070 | |
| usermin | usermin | 1.080 | |
| usermin | usermin | 1.090 | |
| usermin | usermin | 1.100 | |
| usermin | usermin | 1.110 | |
| usermin | usermin | 1.120 | |
| usermin | usermin | 1.130 | |
| usermin | usermin | 1.140 | |
| webmin | webmin | 0.4 | |
| webmin | webmin | 0.5 | |
| webmin | webmin | 0.6 | |
| webmin | webmin | 0.7 | |
| webmin | webmin | 0.80 | |
| webmin | webmin | 0.90 | |
| webmin | webmin | 0.91 | |
| webmin | webmin | 0.92 | |
| webmin | webmin | 0.93 | |
| webmin | webmin | 0.94 | |
| webmin | webmin | 0.95 | |
| webmin | webmin | 0.96 | |
| webmin | webmin | 0.97 | |
| webmin | webmin | 0.98 | |
| webmin | webmin | 0.99 | |
| webmin | webmin | 1.0.00 | |
| webmin | webmin | 1.0.10 | |
| webmin | webmin | 1.0.20 | |
| webmin | webmin | 1.0.30 | |
| webmin | webmin | 1.0.40 | |
| webmin | webmin | 1.0.51 | |
| webmin | webmin | 1.0.60 | |
| webmin | webmin | 1.0.70 | |
| webmin | webmin | 1.0.80 | |
| webmin | webmin | 1.0.90 | |
| webmin | webmin | 1.1.00 | |
| webmin | webmin | 1.1.10 | |
| webmin | webmin | 1.1.20 | |
| webmin | webmin | 1.1.30 | |
| webmin | webmin | 1.1.40 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*",
"matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*",
"matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*",
"matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*",
"matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*",
"matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*",
"matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*",
"matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*",
"matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*",
"matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact."
}
],
"id": "CVE-2005-1177",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013723"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/changes.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/uchanges.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1013723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/changes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/uchanges.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1468
Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/12488/ | Patch | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch | |
| cve@mitre.org | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/11122 | Exploit, Patch | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12488/ | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11122 | Exploit, Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | 1.000 | |
| usermin | usermin | 1.010 | |
| usermin | usermin | 1.020 | |
| usermin | usermin | 1.030 | |
| usermin | usermin | 1.040 | |
| usermin | usermin | 1.051 | |
| usermin | usermin | 1.060 | |
| usermin | usermin | 1.070 | |
| usermin | usermin | 1.080 | |
| webmin | webmin | 1.0.00 | |
| webmin | webmin | 1.0.20 | |
| webmin | webmin | 1.0.50 | |
| webmin | webmin | 1.0.60 | |
| webmin | webmin | 1.0.70 | |
| webmin | webmin | 1.0.80 | |
| webmin | webmin | 1.0.90 | |
| webmin | webmin | 1.1.00 | |
| webmin | webmin | 1.1.10 | |
| webmin | webmin | 1.1.21 | |
| webmin | webmin | 1.1.30 | |
| webmin | webmin | 1.1.40 | |
| webmin | webmin | 1.1.50 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message."
}
],
"id": "CVE-2004-1468",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/11122"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/bid/11122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0559
Vulnerability from fkie_nvd - Published: 2004-10-20 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/12488/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/11153 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.webmin.com/uchanges-1.089.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12488/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11153 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/uchanges-1.089.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | 1.000 | |
| usermin | usermin | 1.010 | |
| usermin | usermin | 1.020 | |
| usermin | usermin | 1.030 | |
| usermin | usermin | 1.040 | |
| usermin | usermin | 1.051 | |
| usermin | usermin | 1.060 | |
| usermin | usermin | 1.070 | |
| usermin | usermin | 1.080 | |
| webmin | webmin | 1.0.00 | |
| webmin | webmin | 1.0.20 | |
| webmin | webmin | 1.0.50 | |
| webmin | webmin | 1.0.60 | |
| webmin | webmin | 1.0.70 | |
| webmin | webmin | 1.0.80 | |
| webmin | webmin | 1.0.90 | |
| webmin | webmin | 1.1.00 | |
| webmin | webmin | 1.1.10 | |
| webmin | webmin | 1.1.21 | |
| webmin | webmin | 1.1.30 | |
| webmin | webmin | 1.1.40 | |
| webmin | webmin | 1.1.50 | |
| mandrakesoft | mandrake_linux | 9.2 | |
| mandrakesoft | mandrake_linux | 9.2 | |
| mandrakesoft | mandrake_linux | 10.0 | |
| mandrakesoft | mandrake_linux | 10.0 | |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*",
"matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*",
"matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*",
"matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*",
"matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*",
"matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*",
"matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*",
"matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
"matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory."
},
{
"lang": "es",
"value": "El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n durante la instalaci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el directorio /tmp/.usermin"
}
],
"id": "CVE-2004-0559",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-10-20T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11153"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12488/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/11153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/uchanges-1.089.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0588
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=108781564518287&w=2 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html | ||
| cve@mitre.org | http://www.securityfocus.com/bid/10521 | Patch | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16494 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108781564518287&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10521 | Patch | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16494 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el m\u00f3dulo de correo web de Usermin 1.070 permite a atacantes remotos insertar HTML y scrpit de su elecci\u00f3n mediante mensajes de correo electr\u00f3nico."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product update:\r\nUsermin, Usermin, 1.080",
"id": "CVE-2004-0588",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10521"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108781564518287\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/73_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16494"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0583
Vulnerability from fkie_nvd - Published: 2004-08-06 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=108737059313829&w=2 | ||
| cve@mitre.org | http://www.debian.org/security/2004/dsa-526 | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | ||
| cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | ||
| cve@mitre.org | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html | ||
| cve@mitre.org | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/10474 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/10523 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.webmin.com/changes-1.150.html | ||
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/16334 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=108737059313829&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2004/dsa-526 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10474 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/10523 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes-1.150.html | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/16334 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| usermin | usermin | 1.070 | |
| webmin | webmin | 1.1.40 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 | |
| debian | debian_linux | 3.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*",
"matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
"matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
"matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords."
},
{
"lang": "es",
"value": "La funcionalidad lockout en (1)Webmin 1.140 y (2) Usermin 1.070 no process ciertas cadenas de caract\u00e9reis, lo que permite a atacanetes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contrase\u00f1as."
}
],
"id": "CVE-2004-0583",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2004/dsa-526"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10474"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10523"
},
{
"source": "cve@mitre.org",
"url": "http://www.webmin.com/changes-1.150.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2004/dsa-526"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10474"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.webmin.com/changes-1.150.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}