All the vulnerabilities related to webmin - webmin
cve-2017-15644
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.webmin.com/security.html | x_refsource_MISC |
| https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | x_refsource_MISC |
| https://blogs.securiteam.com/index.php/archives/3430 | x_refsource_MISC |
| http://www.webmin.com/changes.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.509Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-19T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15644", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "name": "https://blogs.securiteam.com/index.php/archives/3430", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15644", "datePublished": "2017-10-19T22:00:00Z", "dateReserved": "2017-10-19T00:00:00Z", "dateUpdated": "2024-09-16T20:07:05.121Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41163
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.351Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41163", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-01T19:56:08.644439Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-01T19:56:18.044Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-31T22:05:27.878365", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41163", "datePublished": "2023-08-30T00:00:00", "dateReserved": "2023-08-24T00:00:00", "dateUpdated": "2024-10-01T19:56:18.044Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32162
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/Mesh3l911/CVE-2021-32162 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:46:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32162", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32162", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32162", "datePublished": "2022-04-11T05:46:44", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38308
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.247Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38308", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:49:56.558892Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:50:05.120Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code. leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38308", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:50:05.120Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-8712
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T07:02:26.020Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of \"Can view any file as a log file\" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the \u0027/etc/shadow\u0027 file via a \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\" request." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-03-14T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-8712", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of \"Can view any file as a log file\" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the \u0027/etc/shadow\u0027 file via a \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\" request." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/", "refsource": "MISC", "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-8712", "datePublished": "2018-03-14T19:00:00Z", "dateReserved": "2018-03-14T00:00:00Z", "dateUpdated": "2024-09-17T00:37:20.145Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38311
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.242Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38311", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:43:17.142385Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:43:26.477Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38311", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:43:26.477Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-1999-1074
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/9138 | mailing-list, x_refsource_BUGTRAQ |
| http://www.webmin.com/webmin/changes.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/98 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:02:53.696Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "19980501 Warning! Webmin Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/webmin/changes.html" }, { "name": "98", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/98" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1998-05-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-03-01T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "19980501 Warning! Webmin Security Advisory", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/webmin/changes.html" }, { "name": "98", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/98" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "19980501 Warning! Webmin Security Advisory", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/9138" }, { "name": "http://www.webmin.com/webmin/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/webmin/changes.html" }, { "name": "98", "refsource": "BID", "url": "http://www.securityfocus.com/bid/98" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1074", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:02:53.696Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3912
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.669Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "17749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17749" }, { "name": "GLSA-200512-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "name": "18101", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18101" }, { "name": "ADV-2005-2660", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "name": "SUSE-SR:2005:030", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "name": "17878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17878" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "name": "20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges-1.180.html" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22556" }, { "name": "MDKSA-2005:223", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "name": "17942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17942" }, { "name": "17817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17817" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "17749", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17749" }, { "name": "GLSA-200512-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "name": "18101", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18101" }, { "name": "ADV-2005-2660", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "name": "SUSE-SR:2005:030", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "name": "17878", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17878" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "name": "20051129 Webmin miniserv.pl format string vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges-1.180.html" }, { "name": "22556", 
"tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22556" }, { "name": "MDKSA-2005:223", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "name": "17942", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17942" }, { "name": "17817", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17817" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3912", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "17749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17749" }, { "name": "GLSA-200512-02", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "name": "[Dailydave] 20051129 Webmin miniserv.pl format string vulnerability", "refsource": "MLIST", "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "http://www.webmin.com/changes-1.250.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.250.html" }, { "name": "18101", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18101" }, { "name": "ADV-2005-2660", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "name": "SUSE-SR:2005:030", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "name": "17878", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17878" }, { "name": "http://www.dyadsecurity.com/webmin-0001.html", "refsource": "MISC", "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "name": "20051129 Webmin miniserv.pl format string vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "name": "http://www.webmin.com/uchanges-1.180.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges-1.180.html" }, { "name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556" }, { "name": "MDKSA-2005:223", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "name": "17942", 
"refsource": "SECUNIA", "url": "http://secunia.com/advisories/17942" }, { "name": "17817", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17817" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3912", "datePublished": "2005-11-30T11:00:00", "dateReserved": "2005-11-30T00:00:00", "dateUpdated": "2024-08-07T23:31:48.669Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0583
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/10474 | vdb-entry, x_refsource_BID |
| http://www.debian.org/security/2004/dsa-526 | vendor-advisory, x_refsource_DEBIAN |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16334 | vdb-entry, x_refsource_XF |
| http://www.securityfocus.com/bid/10523 | vdb-entry, x_refsource_BID |
| http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | vendor-advisory, x_refsource_MANDRAKE |
| http://marc.info/?l=bugtraq&m=108737059313829&w=2 | mailing-list, x_refsource_BUGTRAQ |
| http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.webmin.com/changes-1.150.html | x_refsource_CONFIRM |
| http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | vendor-advisory, x_refsource_GENTOO |
| http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:26.063Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "webmin-username-password-dos(16334)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "name": "10523", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10523" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "name": "GLSA-200406-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-11T00:00:00", "descriptions": [ { "lang": 
"en", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "webmin-username-password-dos(16334)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "name": "10523", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10523" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "name": "GLSA-200406-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0583", 
"STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "webmin-username-password-dos(16334)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "name": "10523", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10523" }, { "name": "MDKSA-2004:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "20040611 [SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "name": "GLSA-200406-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "name": "http://www.webmin.com/changes-1.150.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "GLSA-200406-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html", "refsource": "MISC", "url": 
"http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0583", "datePublished": "2004-06-23T04:00:00", "dateReserved": "2004-06-18T00:00:00", "dateUpdated": "2024-08-08T00:24:26.063Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35769
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:09:15.226Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-30T18:11:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35769", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to 
the CGI program." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "name": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220", "refsource": "MISC", "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35769", "datePublished": "2020-12-29T05:35:39", "dateReserved": "2020-12-29T00:00:00", "dateUpdated": "2024-08-04T17:09:15.226Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36453
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36453", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T14:03:38.998862Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T21:34:36.873Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://webmin.com/usermin/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.970" } ] }, { "product": "Usermin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.820" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in session_login.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. 
If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a webpage may be altered or sensitive information such as a credential may be disclosed." } ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:02:17.776Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://webmin.com/usermin/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36453", "datePublished": "2024-07-10T07:02:17.776Z", "dateReserved": "2024-05-28T05:38:38.739Z", "dateUpdated": "2024-11-06T21:34:36.873Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-35606
Vulnerability from cvelistv5
URL | Tags
---|---
https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html | x_refsource_MISC
https://www.webmin.com/download.html | x_refsource_MISC
http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html | x_refsource_MISC
https://www.exploit-db.com/exploits/49318 | exploit, x_refsource_EXPLOIT-DB
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T17:09:14.502Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.webmin.com/download.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "name": "49318", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/49318" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-12-28T20:30:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.webmin.com/download.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "name": "49318", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/49318" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-35606", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html", "refsource": "MISC", "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "name": "https://www.webmin.com/download.html", "refsource": "MISC", "url": "https://www.webmin.com/download.html" }, { "name": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "name": "49318", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/49318" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-35606", "datePublished": "2020-12-21T19:19:17", "dateReserved": "2020-12-21T00:00:00", "dateUpdated": "2024-08-04T17:09:14.502Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1074
Vulnerability from cvelistv5
URL | Tags
---|---
http://www.securityfocus.com/bid/2795 | vdb-entry, x_refsource_BID
http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html | mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/6627 | vdb-entry, x_refsource_XF
http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt | vendor-advisory, x_refsource_CALDERA
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3 | vendor-advisory, x_refsource_MANDRAKE
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:07.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "2795", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/2795" }, { "name": "20010526 Webmin Doesn\u0027t Clean Env (root exploit)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "name": "webmin-gain-information(6627)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "name": "CSSA-2001-019.1", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "name": "MDKSA-2001:059", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-05-26T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-06T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "2795", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/2795" }, { "name": "20010526 Webmin Doesn\u0027t Clean Env (root exploit)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "name": "webmin-gain-information(6627)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "name": "CSSA-2001-019.1", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "name": "MDKSA-2001:059", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "2795", "refsource": "BID", "url": "http://www.securityfocus.com/bid/2795" }, { "name": "20010526 Webmin Doesn\u0027t Clean Env (root exploit)", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "name": "webmin-gain-information(6627)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "name": "CSSA-2001-019.1", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "name": "MDKSA-2001:059", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1074", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-01-31T00:00:00", "dateUpdated": "2024-08-08T04:44:07.505Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-1468
Vulnerability from cvelistv5
URL | Tags
---|---
http://www.securityfocus.com/bid/11122 | vdb-entry, x_refsource_BID
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html | x_refsource_MISC
http://secunia.com/advisories/12488/ | third-party-advisory, x_refsource_SECUNIA
http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | vendor-advisory, x_refsource_GENTOO
https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 | vdb-entry, x_refsource_XF
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:53:23.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "11122", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11122" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-web-mail-command-execution(17293)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-12T00:00:00", "descriptions": [ { "lang": "en", "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "11122", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11122" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-web-mail-command-execution(17293)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-1468", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "11122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11122" }, { "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "name": "12488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-web-mail-command-execution(17293)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-1468", "datePublished": "2005-02-13T05:00:00", "dateReserved": "2005-02-13T00:00:00", "dateUpdated": "2024-08-08T00:53:23.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15642
Vulnerability from cvelistv5
URL | Tags
---|---
https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/ | x_refsource_MISC
https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c | x_refsource_MISC
https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37 | x_refsource_MISC
https://doxfer.webmin.com/Webmin/Webmin_Servers_Index | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.017Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. 
NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T17:36:42", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "tags": [ "x_refsource_MISC" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15642", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. 
NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/", "refsource": "MISC", "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "name": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "name": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37", "refsource": "MISC", "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "name": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index", "refsource": "MISC", "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15642", "datePublished": "2019-08-26T17:07:47", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2024-08-05T00:56:22.017Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32156
Vulnerability from cvelistv5
URL | Tags
---|---
https://github.com/Mesh3l911/CVE-2021-32156 | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:37:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32156", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32156", "datePublished": "2022-04-11T05:37:30", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.175Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-12828
Vulnerability from cvelistv5
URL | Tags
---|---
https://www.zerodayinitiative.com/advisories/ZDI-24-1725/ | x_research-advisory
https://github.com/webmin/authentic-theme/commit/61e5b10227b50407e3c6ac494ffbd4385d1b59df | vendor-advisory
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-12828", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-30T17:34:53.809557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-30T17:35:11.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unknown", "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "webmin 2.104" } ] } ], "dateAssigned": "2024-12-19T15:57:37.257-06:00", "datePublic": "2024-12-20T10:52:56.353-06:00", "descriptions": [ { "lang": "en", "value": "Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. \n\nThe specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346." 
} ], "metrics": [ { "cvssV3_0": { "baseScore": 9.9, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-30T16:48:13.347Z", "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "shortName": "zdi" }, "references": [ { "name": "ZDI-24-1725", "tags": [ "x_research-advisory" ], "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1725/" }, { "name": "vendor-provided URL", "tags": [ "vendor-advisory" ], "url": "https://github.com/webmin/authentic-theme/commit/61e5b10227b50407e3c6ac494ffbd4385d1b59df" } ], "source": { "lang": "en", "value": "ptrstr" }, "title": "Webmin CGI Command Injection Remote Code Execution Vulnerability" } }, "cveMetadata": { "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e", "assignerShortName": "zdi", "cveId": "CVE-2024-12828", "datePublished": "2024-12-30T16:48:13.347Z", "dateReserved": "2024-12-19T21:57:37.181Z", "dateUpdated": "2024-12-30T17:35:11.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-9313
Vulnerability from cvelistv5
URL | Tags
---|---
https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab | x_refsource_MISC
http://seclists.org/bugtraq/2017/Jul/3 | x_refsource_MISC
http://www.securitytracker.com/id/1038814 | vdb-entry, x_refsource_SECTRACK
https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b | x_refsource_MISC
http://www.securityfocus.com/bid/99373 | vdb-entry, x_refsource_BID
http://www.webmin.com/changes.html | x_refsource_MISC
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T17:02:44.374Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "name": "1038814", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1038814" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "name": "99373", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/99373" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-07-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-06T09:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "tags": [ "x_refsource_MISC" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "name": "1038814", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1038814" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "name": "99373", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/99373" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-9313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "name": "http://seclists.org/bugtraq/2017/Jul/3", "refsource": "MISC", "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "name": "1038814", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1038814" }, { "name": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "name": "99373", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99373" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-9313", "datePublished": "2017-07-04T02:00:00", "dateReserved": "2017-05-30T00:00:00", "dateUpdated": "2024-08-05T17:02:44.374Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-2360
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/5591 | vdb-entry, x_refsource_BID | |
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html | mailing-list, x_refsource_BUGTRAQ | |
http://www.securiteam.com/unixfocus/5CP0R1P80G.html | x_refsource_MISC | |
http://www.iss.net/security_center/static/9983.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:59:11.950Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "5591", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5591" }, { "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "name": "webmin-cgi-improper-permissions(9983)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9983.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-10-29T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "5591", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5591" }, { "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "name": "webmin-cgi-improper-permissions(9983)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9983.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2360", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "5591", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5591" }, { "name": "20020828 Webmin Vulnerability Leads to Remote Compromise (RPC CGI)", "refsource": "BUGTRAQ", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "name": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "name": "webmin-cgi-improper-permissions(9983)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9983.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2360", "datePublished": "2007-10-29T19:00:00Z", "dateReserved": "2007-10-29T00:00:00Z", "dateUpdated": "2024-09-17T02:21:10.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38303
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.243Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38303", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T18:00:21.153709Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T18:00:29.020Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group\u0027s real name parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38303", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T18:00:29.020Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-2106
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/96227 | vdb-entry, x_refsource_BID | |
https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7 | x_refsource_MISC | |
http://jvn.jp/en/jp/JVN34207650/index.html | third-party-advisory, x_refsource_JVN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T13:39:32.276Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "96227", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/96227" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "name": "JVN#34207650", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.830" } ] } ], "datePublic": "2017-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-05-01T09:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "96227", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/96227" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "name": "JVN#34207650", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2017-2106", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Webmin", "version": { "version_data": [ { "version_value": "versions prior to 1.830" } ] } } ] }, "vendor_name": "Webmin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "Cross-site scripting" } ] } ] }, "references": { "reference_data": [ { "name": "96227", "refsource": "BID", "url": "http://www.securityfocus.com/bid/96227" }, { "name": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "name": "JVN#34207650", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN34207650/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2017-2106", "datePublished": "2017-04-28T16:00:00", "dateReserved": "2016-12-01T00:00:00", "dateUpdated": "2024-08-05T13:39:32.276Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0582
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/10474 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2004/dsa-526 | vendor-advisory, x_refsource_DEBIAN | |
http://marc.info/?l=bugtraq&m=108697184602191&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074 | vendor-advisory, x_refsource_MANDRAKE | |
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000848 | vendor-advisory, x_refsource_CONECTIVA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/16333 | vdb-entry, x_refsource_XF | |
http://www.webmin.com/changes-1.150.html | x_refsource_CONFIRM | |
http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html | x_refsource_MISC | |
http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml | vendor-advisory, x_refsource_GENTOO | |
http://www.securityfocus.com/bid/10522 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:26.361Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "CLA-2004:848", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "name": "webmin-bypass-security(16333)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "10522", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/10522" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-06-11T00:00:00", "descriptions": [ { 
"lang": "en", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "10474", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "name": "MDKSA-2004:074", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "CLA-2004:848", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "name": "webmin-bypass-security(16333)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.150.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "name": "GLSA-200406-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "10522", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/10522" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0582", "STATE": "PUBLIC" }, "affects": { "vendor": { 
"vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "10474", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10474" }, { "name": "DSA-526", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2004/dsa-526" }, { "name": "20040611 [SNS Advisory No.74] Webmin Access Control Rule Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "name": "MDKSA-2004:074", "refsource": "MANDRAKE", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "name": "CLA-2004:848", "refsource": "CONECTIVA", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "name": "webmin-bypass-security(16333)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "name": "http://www.webmin.com/changes-1.150.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.150.html" }, { "name": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "name": "GLSA-200406-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "name": "10522", "refsource": "BID", "url": "http://www.securityfocus.com/bid/10522" } ] } } } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0582", "datePublished": "2004-06-23T04:00:00", "dateReserved": "2004-06-18T00:00:00", "dateUpdated": "2024-08-08T00:24:26.361Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38310
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.615Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38310", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:48:43.034415Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:48:55.099Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38310", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:48:55.099Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-0720
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/487678/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://secunia.com/advisories/28827 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/27662 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/487656/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
http://www.vupen.com/english/advisories/2008/0450 | vdb-entry, x_refsource_VUPEN | |
http://forum.aria-security.net/showthread.php?t=511 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:54:23.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20080206 Re: Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "name": "28827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/28827" }, { "name": "27662", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/27662" }, { "name": "20080206 Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "name": "ADV-2008-0450", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://forum.aria-security.net/showthread.php?t=511" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-02-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a \"search box\" or \"open file box.\" NOTE: some of these details are obtained from third party information." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20080206 Re: Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "name": "28827", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/28827" }, { "name": "27662", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/27662" }, { "name": "20080206 Tested on Webmin 1.390", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "name": "ADV-2008-0450", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "tags": [ "x_refsource_MISC" ], "url": "http://forum.aria-security.net/showthread.php?t=511" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-0720", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a \"search box\" or \"open file box.\" NOTE: some of these details are obtained from third party information." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20080206 Re: Tested on Webmin 1.390", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "name": "28827", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28827" }, { "name": "27662", "refsource": "BID", "url": "http://www.securityfocus.com/bid/27662" }, { "name": "20080206 Tested on Webmin 1.390", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "name": "ADV-2008-0450", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "name": "http://forum.aria-security.net/showthread.php?t=511", "refsource": "MISC", "url": "http://forum.aria-security.net/showthread.php?t=511" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-0720", "datePublished": "2008-02-12T01:00:00", "dateReserved": "2008-02-11T00:00:00", "dateUpdated": "2024-08-07T07:54:23.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1947
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.iss.net/security_center/static/10381.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/5936 | vdb-entry, x_refsource_BID | |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc | vendor-advisory, x_refsource_FREEBSD | |
http://www.webmin.com/changes.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:43:33.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-identical-ssl-keys(10381)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "name": "5936", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/5936" }, { "name": "FreeBSD-SA-02:06", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-10-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-15T16:39:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-identical-ssl-keys(10381)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "name": "5936", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/5936" }, { "name": "FreeBSD-SA-02:06", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1947", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-identical-ssl-keys(10381)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10381.php" }, { "name": "5936", "refsource": "BID", "url": "http://www.securityfocus.com/bid/5936" }, { "name": "FreeBSD-SA-02:06", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1947", "datePublished": "2005-06-28T04:00:00", "dateReserved": "2005-06-29T00:00:00", "dateUpdated": "2024-08-08T03:43:33.788Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-1276
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.webmin.com/security.html | x_refsource_CONFIRM | |
http://osvdb.org/33832 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/24321 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2007/0780 | vdb-entry, x_refsource_VUPEN | |
http://www.securitytracker.com/id?1017711 | vdb-entry, x_refsource_SECTRACK | |
http://www.webmin.com/changes-1.330.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/32725 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T12:50:34.879Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "33832", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/33832" }, { "name": "24321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/24321" }, { "name": "ADV-2007-0780", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "name": "1017711", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1017711" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.330.html" }, { "name": "webmin-chooser-xss(32725)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-02-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "33832", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/33832" }, { "name": "24321", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/24321" }, { "name": "ADV-2007-0780", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "name": "1017711", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1017711" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.330.html" }, { "name": "webmin-chooser-xss(32725)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-1276", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "33832", "refsource": "OSVDB", "url": "http://osvdb.org/33832" }, { "name": "24321", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/24321" }, { "name": "ADV-2007-0780", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "name": "1017711", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1017711" }, { "name": "http://www.webmin.com/changes-1.330.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.330.html" }, { "name": "webmin-chooser-xss(32725)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-1276", "datePublished": "2007-03-05T20:00:00", "dateReserved": "2007-03-05T00:00:00", "dateUpdated": "2024-08-07T12:50:34.879Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36880
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.webmin.com/security.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:14:29.054Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-07-27T03:32:30", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36880", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "MISC", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36880", "datePublished": "2022-07-27T03:32:30", "dateReserved": "2022-07-27T00:00:00", "dateUpdated": "2024-08-03T10:14:29.054Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40982
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.151Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40982", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T18:07:28.649592Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T18:08:00.827Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T02:56:27.452798", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40982", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T18:08:00.827Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1196
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.iss.net/security_center/static/7711.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/archive/1/245980 | mailing-list, x_refsource_BUGTRAQ | |
http://www.securityfocus.com/bid/3698 | vdb-entry, x_refsource_BID | |
http://marc.info/?l=webmin-l&m=100865390306103&w=2 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:44:08.283Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-dot-directory-traversal(7711)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "name": "20011217 webmin 0.91 ../.. problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "name": "3698", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/3698" }, { "name": "20011218 Re: webmin 0.91 ../.. problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-12-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a \u0027..\u0027 (dot dot) in the argument." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-dot-directory-traversal(7711)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "name": "20011217 webmin 0.91 ../.. problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "name": "3698", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/3698" }, { "name": "20011218 Re: webmin 0.91 ../.. 
problem", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1196", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a \u0027..\u0027 (dot dot) in the argument." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-dot-directory-traversal(7711)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7711.php" }, { "name": "20011217 webmin 0.91 ../.. problem", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/245980" }, { "name": "3698", "refsource": "BID", "url": "http://www.securityfocus.com/bid/3698" }, { "name": "20011218 Re: webmin 0.91 ../.. problem", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1196", "datePublished": "2002-03-15T05:00:00", "dateReserved": "2002-03-15T00:00:00", "dateUpdated": "2024-08-08T04:44:08.283Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3885
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059 | third-party-advisory, x_refsource_JVNDB | |
http://jvn.jp/en/jp/JVN49974594/index.html | third-party-advisory, x_refsource_JVN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:17.927Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVNDB-2014-000059", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "name": "JVN#49974594", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-20T06:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVNDB-2014-000059", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "name": "JVN#49974594", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-3885", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 
allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVNDB-2014-000059", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "name": "JVN#49974594", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN49974594/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-3885", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2014-05-27T00:00:00", "dateUpdated": "2024-08-06T10:57:17.927Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32161
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/Mesh3l911/CVE-2021-32161 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.102Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32161" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:45:24", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32161" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32161", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32161", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32161" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32161", "datePublished": "2022-04-11T05:45:24", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.102Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36446
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde | x_refsource_MISC | |
https://github.com/webmin/webmin/compare/1.996...1.997 | x_refsource_MISC | |
http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html | x_refsource_MISC | |
https://www.exploit-db.com/exploits/50998 | x_refsource_MISC | |
https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b | x_refsource_MISC | |
http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T10:07:34.060Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/50998" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-08-10T17:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/50998" }, { "tags": [ "x_refsource_MISC" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-36446", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "name": "https://github.com/webmin/webmin/compare/1.996...1.997", "refsource": "MISC", "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "name": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "name": "https://www.exploit-db.com/exploits/50998", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/50998" }, { "name": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b", "refsource": "MISC", "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "name": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-36446", "datePublished": "2022-07-25T05:56:47", "dateReserved": "2022-07-25T00:00:00", "dateUpdated": "2024-08-03T10:07:34.060Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-1377
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.webmin.com/security.html | x_refsource_CONFIRM | |
http://www.webmin.com/changes.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/62157 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T04:40:18.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "62157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/62157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-02-10T19:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "62157", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/62157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-1377", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on 
an unspecified file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "62157", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-1377", "datePublished": "2015-02-10T20:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T04:40:18.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-2201
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc | vendor-advisory, x_refsource_FREEBSD | |
http://www.iss.net/security_center/static/10052.php | vdb-entry, x_refsource_XF | |
http://www.webmin.com/updates.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:51:17.630Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FreeBSD-SN-02:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD", "x_transferred" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "name": "webmin-printer-shell-commands(10052)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/10052.php" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/updates.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-16T21:17:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "FreeBSD-SN-02:05", "tags": [ "vendor-advisory", "x_refsource_FREEBSD" ], "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "name": "webmin-printer-shell-commands(10052)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/10052.php" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/updates.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-2201", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FreeBSD-SN-02:05", "refsource": "FREEBSD", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "name": "webmin-printer-shell-commands(10052)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/10052.php" }, { "name": "http://www.webmin.com/updates.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/updates.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-2201", "datePublished": "2005-11-16T21:17:00Z", "dateReserved": "2005-11-16T00:00:00Z", "dateUpdated": "2024-09-16T18:56:10.934Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0756
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.iss.net/security_center/static/9036.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/4694 | vdb-entry, x_refsource_BID | |
http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:47.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-usermin-authpage-css(9036)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "name": "4694", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4694" }, { "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-07-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-usermin-authpage-css(9036)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "name": "4694", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4694" }, { "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0756", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-usermin-authpage-css(9036)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9036.php" }, { "name": "4694", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4694" }, { "name": "20020508 [SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0756", "datePublished": "2002-07-26T04:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:47.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0824
Vulnerability from cvelistv5
Vendor | Product | Version |
---|---|---|
webmin | webmin/webmin | unspecified < 1.990 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "tags": [ "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "tags": [ "x_transferred" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "webmin/webmin", "vendor": "webmin", "versions": [ { "lessThan": "1.990", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284 Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-02T00:00:00", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" } ], "source": { "advisory": "d0049a96-de90-4b1a-9111-94de1044f295", "discovery": "EXTERNAL" }, "title": "Improper Access Control to Remote Code Execution in webmin/webmin" } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0824", "datePublished": "2022-03-02T00:00:00", "dateReserved": "2022-03-02T00:00:00", "dateUpdated": "2024-08-02T23:40:04.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-3844
Vulnerability from cvelistv5
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
URL | Tags |
---|---|
https://vuldb.com/?id.212862 | vdb-entry, technical-description |
https://vuldb.com/?ctiid.212862 | signature, permissions-required |
https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811 | patch |
https://github.com/webmin/webmin/releases/tag/2.003 | patch |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2022-3844", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-18T18:29:08.700113Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-18T18:29:15.421Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T01:20:59.104Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.212862" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.212862" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "tags": [ "patch", "x_transferred" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "n/a", "versions": [ { "status": "affected", "version": "2.001" } ] } ], "credits": [ { "lang": "en", "type": "tool", "value": "VulDB GitHub Commit Analyzer" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability." }, { "lang": "de", "value": "Es wurde eine Schwachstelle in Webmin 2.001 gefunden. 
Sie wurde als problematisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei xterm/index.cgi. Dank Manipulation mit unbekannten Daten kann eine basic cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Ein Aktualisieren auf die Version 2.003 vermag dieses Problem zu l\u00f6sen. Der Patch wird als d3d33af3c0c3fd3a889c84e287a038b7a457d811 bezeichnet. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen." } ], "metrics": [ { "cvssV3_1": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 3.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 4, "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80 Basic Cross Site Scripting", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-20T14:05:09.047Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.212862" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.212862" }, { "tags": [ "patch" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "tags": [ "patch" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" } ], "timeline": [ { "lang": "en", "time": "2022-11-02T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2022-11-02T00:00:00.000Z", "value": "CVE reserved" }, { "lang": "en", "time": "2022-11-02T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2023-01-26T15:32:36.000Z", "value": "VulDB entry last update" } ], "title": "Webmin index.cgi cross 
site scripting" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2022-3844", "datePublished": "2022-11-02T00:00:00", "dateReserved": "2022-11-02T00:00:00", "dateUpdated": "2024-08-03T01:20:59.104Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-52046
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:48:12.150Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the \"Execute cron job as\" tab Input field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-25T20:41:07.313041", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-52046", "datePublished": "2024-01-25T00:00:00", "dateReserved": "2023-12-26T00:00:00", "dateUpdated": "2024-08-02T22:48:12.150Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40983
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.526Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40983", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:44:01.053063Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:44:40.955Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T03:30:25.027954", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40983", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:44:40.955Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-4568
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.webmin.com/security.html | x_refsource_CONFIRM |
http://www.securityfocus.com/bid/37259 | vdb-entry, x_refsource_BID |
http://www.mandriva.com/security/advisories?name=MDVSA-2010:036 | vendor-advisory, x_refsource_MANDRIVA |
http://secunia.com/advisories/37648 | third-party-advisory, x_refsource_SECUNIA |
http://www.vupen.com/english/advisories/2009/3457 | vdb-entry, x_refsource_VUPEN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:08:38.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "37259", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/37259" }, { "name": "MDVSA-2010:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "name": "37648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37648" }, { "name": "ADV-2009-3457", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-12-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2010-02-24T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "37259", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/37259" }, { "name": "MDVSA-2010:036", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "name": "37648", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37648" }, { "name": "ADV-2009-3457", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3457" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-4568", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "37259", "refsource": "BID", "url": "http://www.securityfocus.com/bid/37259" }, { "name": "MDVSA-2010:036", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "name": "37648", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37648" }, { "name": "ADV-2009-3457", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/3457" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-4568", "datePublished": "2010-01-05T18:31:00", "dateReserved": "2010-01-05T00:00:00", "dateUpdated": "2024-08-07T07:08:38.108Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-3156
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.webmin.com/security.html | x_refsource_CONFIRM |
http://secunia.com/advisories/25785 | third-party-advisory, x_refsource_SECUNIA |
http://www.vupen.com/english/advisories/2007/2117 | vdb-entry, x_refsource_VUPEN |
http://www.securityfocus.com/bid/24381 | vdb-entry, x_refsource_BID |
http://www.webmin.com/changes-1.350.html | x_refsource_CONFIRM |
http://security.gentoo.org/glsa/glsa-200707-05.xml | vendor-advisory, x_refsource_GENTOO |
http://secunia.com/advisories/25580 | third-party-advisory, x_refsource_SECUNIA |
http://osvdb.org/36932 | vdb-entry, x_refsource_OSVDB |
http://www.mandriva.com/security/advisories?name=MDKSA-2007:135 | vendor-advisory, x_refsource_MANDRIVA |
http://secunia.com/advisories/25956 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T14:05:29.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "25785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25785" }, { "name": "ADV-2007-2117", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "name": "24381", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/24381" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes-1.350.html" }, { "name": "GLSA-200707-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "name": "25580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25580" }, { "name": "36932", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/36932" }, { "name": "MDKSA-2007:135", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "name": "25956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/25956" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-06-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, 
(2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2007-06-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "25785", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25785" }, { "name": "ADV-2007-2117", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "name": "24381", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/24381" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.350.html" }, { "name": "GLSA-200707-05", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "name": "25580", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25580" }, { "name": "36932", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/36932" }, { "name": "MDKSA-2007:135", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "name": "25956", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/25956" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-3156", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { 
"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "25785", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25785" }, { "name": "ADV-2007-2117", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "name": "24381", "refsource": "BID", "url": "http://www.securityfocus.com/bid/24381" }, { "name": "http://www.webmin.com/changes-1.350.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.350.html" }, { "name": "GLSA-200707-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "name": "25580", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25580" }, { "name": "36932", "refsource": "OSVDB", "url": "http://osvdb.org/36932" }, { "name": "MDKSA-2007:135", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "name": "25956", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25956" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-3156", "datePublished": "2007-06-11T22:00:00", "dateReserved": "2007-06-11T00:00:00", "dateUpdated": "2024-08-07T14:05:29.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45692
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webmin", "vendor": "webmin", "versions": [ { "lessThan": "2.202", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:virtualmin:virtualmin:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "virtualmin", "vendor": "virtualmin", "versions": [ { "lessThan": "7.20.2", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-45692", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T13:39:24.498078Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-835", "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-05T13:43:51.165Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-04T23:11:49.503438", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://cispa.de/en/loop-dos" }, { "url": "https://webmin.com" }, { "url": "https://www.openwall.com/lists/oss-security/2024/09/04/1" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2024-45692", "datePublished": "2024-09-04T00:00:00", "dateReserved": "2024-09-04T00:00:00", "dateUpdated": "2024-09-05T13:43:51.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-9624
Vulnerability from cvelistv5
URL | Tags |
---|---|
https://www.exploit-db.com/exploits/46201 | exploit, x_refsource_EXPLOIT-DB |
https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html | x_refsource_MISC |
http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T21:54:45.440Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46201", "tags": [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/46201" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-03-06T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the \"Java file manager\" and \"Upload and Download\" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-22T09:06:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "46201", "tags": [ "exploit", "x_refsource_EXPLOIT-DB" ], "url": "https://www.exploit-db.com/exploits/46201" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9624", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the \"Java file manager\" and \"Upload and Download\" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "46201", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/46201" }, { "name": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html", "refsource": "MISC", "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "name": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9624", "datePublished": "2019-03-07T05:00:00", "dateReserved": "2019-03-06T00:00:00", "dateUpdated": "2024-08-04T21:54:45.440Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-0222
Vulnerability from cvelistv5
URL | Tags |
---|---|
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3 | vendor-advisory, x_refsource_MANDRAKE |
https://exchange.xforce.ibmcloud.com/vulnerabilities/6011 | vdb-entry, x_refsource_XF |
http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt | vendor-advisory, x_refsource_CALDERA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:14:07.182Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDKSA-2001-016", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "name": "linux-webmin-tmpfiles(6011)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "name": "CSSA-2001-004.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA", "x_transferred" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2001-01-17T00:00:00", "descriptions": [ { "lang": "en", "value": "webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-11-02T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "MDKSA-2001-016", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "name": "linux-webmin-tmpfiles(6011)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "name": "CSSA-2001-004.0", "tags": [ "vendor-advisory", "x_refsource_CALDERA" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-0222", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "MDKSA-2001-016", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "name": "linux-webmin-tmpfiles(6011)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "name": "CSSA-2001-004.0", "refsource": "CALDERA", "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-0222", "datePublished": "2001-05-07T04:00:00", "dateReserved": "2001-03-08T00:00:00", "dateUpdated": "2024-08-08T04:14:07.182Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3924
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.webmin.com/changes.html | x_refsource_CONFIRM | |
http://secunia.com/advisories/58917 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/58919 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/67649 | vdb-entry, x_refsource_BID | |
http://www.webmin.com/uchanges.html | x_refsource_CONFIRM | |
http://www.securitytracker.com/id/1030296 | vdb-entry, x_refsource_SECTRACK | |
http://www.securitytracker.com/id/1030297 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/bid/67647 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:18.053Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "58917", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58917" }, { "name": "58919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/58919" }, { "name": "67649", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67649" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "1030296", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030296" }, { "name": "1030297", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1030297" }, { "name": "67647", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/67647" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-09T12:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "58917", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58917" }, { "name": "58919", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/58919" }, { "name": "67649", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67649" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "1030296", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030296" }, { "name": "1030297", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1030297" }, { "name": "67647", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/67647" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-3924", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "58917", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58917" }, { "name": "58919", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/58919" }, { "name": "67649", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67649" }, { "name": "http://www.webmin.com/uchanges.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges.html" }, { "name": "1030296", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030296" }, { "name": "1030297", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030297" }, { "name": "67647", "refsource": "BID", "url": "http://www.securityfocus.com/bid/67647" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-3924", "datePublished": "2014-05-30T14:00:00", "dateReserved": "2014-05-30T00:00:00", "dateUpdated": "2024-08-06T10:57:18.053Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36450
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-36450", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:13:12.532819Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-10T13:13:37.876Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.132Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 1.910" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site scripting (XSS)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:01:07.082Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36450", "datePublished": "2024-07-10T07:01:07.082Z", "dateReserved": "2024-05-28T05:38:38.738Z", "dateUpdated": "2024-08-02T03:37:05.132Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31762
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/webmin/webmin | x_refsource_MISC | |
https://youtu.be/qCvEXwyaF5U | x_refsource_MISC | |
https://github.com/Mesh3l911/CVE-2021-31762 | x_refsource_MISC | |
https://github.com/electronicbots/CVE-2021-31762 | x_refsource_MISC | |
http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.704Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/qCvEXwyaF5U" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin\u0027s add users feature, and then get a reverse shell through Webmin\u0027s running process feature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-14T16:06:16", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/qCvEXwyaF5U" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31762", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin\u0027s add users feature, and then get a reverse shell through Webmin\u0027s running process feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin", "refsource": "MISC", "url": "https://github.com/webmin/webmin" }, { "name": "https://youtu.be/qCvEXwyaF5U", "refsource": "MISC", "url": "https://youtu.be/qCvEXwyaF5U" }, { "name": "https://github.com/Mesh3l911/CVE-2021-31762", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "name": "https://github.com/electronicbots/CVE-2021-31762", "refsource": "MISC", "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "name": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31762", "datePublished": "2021-04-25T18:32:12", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.704Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15645
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.webmin.com/security.html | x_refsource_MISC | |
https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | x_refsource_MISC | |
https://blogs.securiteam.com/index.php/archives/3430 | x_refsource_MISC | |
http://www.webmin.com/changes.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/\u0026cmd= in the URI, an attacker to execute arbitrary commands." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-19T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15645", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/\u0026cmd= in the URI, an attacker to execute arbitrary commands." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "name": "https://blogs.securiteam.com/index.php/archives/3430", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15645", "datePublished": "2017-10-19T22:00:00Z", "dateReserved": "2017-10-19T00:00:00Z", "dateUpdated": "2024-09-16T17:53:07.920Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3274
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/archive/1/438149/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/27366 | vdb-entry, x_refsource_XF | |
http://www.webmin.com/changes.html | x_refsource_CONFIRM | |
http://securityreason.com/securityalert/1161 | third-party-advisory, x_refsource_SREASON | |
http://securitytracker.com/id?1016375 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/20777 | third-party-advisory, x_refsource_SECUNIA | |
http://www.vupen.com/english/advisories/2006/2493 | vdb-entry, x_refsource_VUPEN | |
http://jvn.jp/jp/JVN%2367974490/index.html | third-party-advisory, x_refsource_JVN | |
http://www.securityfocus.com/bid/18613 | vdb-entry, x_refsource_BID | |
http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:23:21.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "name": "webmin-backslash-directory-traversal(27366)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1161", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/1161" }, { "name": "1016375", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016375" }, { "name": "20777", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20777" }, { "name": "ADV-2006-2493", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "name": "JVN#67974490", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "name": "18613", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18613" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-16T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Webmin before 1.280, 
when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "name": "webmin-backslash-directory-traversal(27366)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1161", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/1161" }, { "name": "1016375", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016375" }, { "name": "20777", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20777" }, { "name": "ADV-2006-2493", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "name": "JVN#67974490", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "name": "18613", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18613" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3274", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", 
"version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20060623 [SNS Advisory No.88] Webmin Directory Traversal Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "name": "webmin-backslash-directory-traversal(27366)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "1161", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1161" }, { "name": "1016375", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016375" }, { "name": "20777", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20777" }, { "name": "ADV-2006-2493", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "name": "JVN#67974490", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "name": "18613", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18613" }, { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3274", "datePublished": 
"2006-06-28T22:00:00", "dateReserved": "2006-06-28T00:00:00", "dateUpdated": "2024-08-07T18:23:21.196Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31760
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/webmin/webmin | x_refsource_MISC | |
https://youtu.be/D45FN8QrzDo | x_refsource_MISC | |
https://github.com/electronicbots/CVE-2021-31760 | x_refsource_MISC | |
https://github.com/Mesh3l911/CVE-2021-31760 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.851Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/D45FN8QrzDo" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-31760" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin\u0027s running process feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-25T18:28:33", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/D45FN8QrzDo" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-31760" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31760", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 
1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin\u0027s running process feature." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin", "refsource": "MISC", "url": "https://github.com/webmin/webmin" }, { "name": "https://youtu.be/D45FN8QrzDo", "refsource": "MISC", "url": "https://youtu.be/D45FN8QrzDo" }, { "name": "https://github.com/electronicbots/CVE-2021-31760", "refsource": "MISC", "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "name": "https://github.com/Mesh3l911/CVE-2021-31760", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-31760" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31760", "datePublished": "2021-04-25T18:28:33", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.851Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-3042
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T22:53:30.475Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "16858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/16858" }, { "name": "17282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17282" }, { "name": "GLSA-200509-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "name": "19575", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/19575" }, { "name": "17", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/17" }, { "name": "14889", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/14889" }, { "name": "ADV-2005-1791", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "name": "MDKSA-2005:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "name": "SUSE-SR:2005:024", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.webmin.com/changes-1.230.html" }, { "name": "JVN#40940493", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges-1.160.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-09-20T00:00:00", "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-09-29T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "16858", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/16858" }, { "name": "17282", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17282" }, { "name": "GLSA-200509-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "name": "19575", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/19575" }, { "name": "17", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/17" }, { "name": "14889", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/14889" }, { "name": "ADV-2005-1791", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "tags": [ "x_refsource_MISC" ], "url": 
"http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "name": "MDKSA-2005:176", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "name": "SUSE-SR:2005:024", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes-1.230.html" }, { "name": "JVN#40940493", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges-1.160.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-3042", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "16858", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16858" }, { "name": "17282", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/17282" }, { "name": "GLSA-200509-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "name": "19575", "refsource": "OSVDB", "url": "http://www.osvdb.org/19575" }, { "name": "17", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/17" }, { "name": "14889", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14889" }, { "name": "ADV-2005-1791", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "name": "MDKSA-2005:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "name": "SUSE-SR:2005:024", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "name": "20050921 [SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "name": "http://www.webmin.com/changes-1.230.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes-1.230.html" }, { "name": "JVN#40940493", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "name": "http://www.webmin.com/uchanges-1.160.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges-1.160.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-3042", "datePublished": 
"2005-09-22T04:00:00", "dateReserved": "2005-09-22T00:00:00", "dateUpdated": "2024-08-07T22:53:30.475Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2005-1177
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.webmin.com/changes.html | x_refsource_CONFIRM |
| http://securitytracker.com/id?1013723 | vdb-entry, x_refsource_SECTRACK |
| http://www.webmin.com/uchanges.html | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:44:05.268Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1013723", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1013723" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "webmin-config-file-permissions(20607)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "1013723", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1013723" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges.html" }, { "name": "webmin-config-file-permissions(20607)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-1177", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "1013723", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013723" }, { "name": "http://www.webmin.com/uchanges.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges.html" }, { "name": "webmin-config-file-permissions(20607)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-1177", "datePublished": "2005-04-19T04:00:00", "dateReserved": "2005-04-19T00:00:00", "dateUpdated": "2024-08-07T21:44:05.268Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-3886
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN02213197/index.html | third-party-advisory, x_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060 | third-party-advisory, x_refsource_JVNDB |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T10:57:17.936Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#02213197", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "name": "JVNDB-2014-000060", "tags": [ "third-party-advisory", "x_refsource_JVNDB", "x_transferred" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-06-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-07-20T06:57:01", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "name": "JVN#02213197", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "name": "JVNDB-2014-000060", "tags": [ "third-party-advisory", "x_refsource_JVNDB" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2014-3886", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) 
vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#02213197", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "name": "JVNDB-2014-000060", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ] } } } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2014-3886", "datePublished": "2014-07-20T10:00:00", "dateReserved": "2014-05-27T00:00:00", "dateUpdated": "2024-08-06T10:57:17.936Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1673
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/4329 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8596 | vdb-entry, x_refsource_XF |
| http://online.securityfocus.com/archive/1/263181 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.628Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "4329", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4329" }, { "name": "webmin-functions-execute-code(8596)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "4329", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4329" }, { "name": "webmin-functions-execute-code(8596)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1673", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "4329", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4329" }, { "name": "webmin-functions-execute-code(8596)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/263181" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1673", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.628Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8820
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://www.webmin.com/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:10.555Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T15:52:43", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8820", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8820", "datePublished": "2020-10-12T15:52:43", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-08-04T10:12:10.555Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-4542
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T19:14:47.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "JVN#99776858", "tags": [ "third-party-advisory", "x_refsource_JVN", "x_transferred" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "name": "19820", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/19820" }, { "name": "22114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22114" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "name": "ADV-2006-3424", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "name": "21690", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21690" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "28338", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28338" }, { "name": "22087", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22087" }, { "name": "28337", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/28337" }, { "name": "MDKSA-2006:170", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "name": "1016776", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016776" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://webmin.com/security.html" }, { "name": 
"22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22556" }, { "name": "1016777", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1016777" }, { "name": "webmin-usermin-source-disclosure(28699)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-08-31T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-19T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "JVN#99776858", "tags": [ "third-party-advisory", "x_refsource_JVN" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "name": "19820", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/19820" }, { "name": "22114", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22114" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "name": "ADV-2006-3424", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "name": "21690", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21690" }, { "name": "DSA-1199", "tags": [ 
"vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "28338", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28338" }, { "name": "22087", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22087" }, { "name": "28337", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/28337" }, { "name": "MDKSA-2006:170", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "name": "1016776", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016776" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://webmin.com/security.html" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22556" }, { "name": "1016777", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1016777" }, { "name": "webmin-usermin-source-disclosure(28699)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4542", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "JVN#99776858", "refsource": "JVN", "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "name": "19820", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19820" }, { "name": "22114", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22114" }, { "name": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html", "refsource": "MISC", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "name": "ADV-2006-3424", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "name": "21690", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21690" }, { "name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "28338", "refsource": "OSVDB", "url": "http://www.osvdb.org/28338" }, { "name": "22087", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22087" }, { "name": "28337", "refsource": "OSVDB", "url": "http://www.osvdb.org/28337" }, { "name": "MDKSA-2006:170", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "name": "1016776", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016776" }, { "name": "http://webmin.com/security.html", "refsource": "CONFIRM", "url": "http://webmin.com/security.html" }, { "name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556" }, { "name": "1016777", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016777" }, { "name": "webmin-usermin-source-disclosure(28699)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4542", "datePublished": 
"2006-09-05T23:00:00", "dateReserved": "2006-09-05T00:00:00", "dateUpdated": "2024-08-07T19:14:47.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-30708
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| https://github.com/webmin/webmin/issues/1635 | x_refsource_MISC |
| https://github.com/esp0xdeadbeef/rce_webmin | x_refsource_MISC |
| https://www.twitch.tv/videos/1483029790 | x_refsource_MISC |
| https://github.com/webmin/webmin/releases | x_refsource_MISC |
| https://github.com/webmin/authentic-theme/releases | x_refsource_MISC |
| https://webmin.com/changes.html | x_refsource_MISC |
| https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d | x_refsource_MISC |
| https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:56:13.713Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.twitch.tv/videos/1483029790" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://webmin.com/changes.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-15T02:30:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.twitch.tv/videos/1483029790" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "tags": [ "x_refsource_MISC" ], "url": "https://webmin.com/changes.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2022-30708", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in 
Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:U/UI:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin/issues/1635", "refsource": "MISC", "url": "https://github.com/webmin/webmin/issues/1635" }, { "name": "https://github.com/esp0xdeadbeef/rce_webmin", "refsource": "MISC", "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "name": "https://www.twitch.tv/videos/1483029790", "refsource": "MISC", "url": "https://www.twitch.tv/videos/1483029790" }, { "name": "https://github.com/webmin/webmin/releases", "refsource": "MISC", "url": "https://github.com/webmin/webmin/releases" }, { "name": "https://github.com/webmin/authentic-theme/releases", "refsource": "MISC", "url": "https://github.com/webmin/authentic-theme/releases" }, { "name": "https://webmin.com/changes.html", "refsource": "MISC", "url": "https://webmin.com/changes.html" }, { "name": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "name": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py", "refsource": "MISC", "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-30708", "datePublished": "2022-05-15T02:30:14", "dateReserved": "2022-05-15T00:00:00", "dateUpdated": 
"2024-08-03T06:56:13.713Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-1672
Vulnerability from cvelistv5
| URL | Tags |
|---|---|
| http://www.webmin.com/changes.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/4328 | vdb-entry, x_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8595 | vdb-entry, x_refsource_XF |
| http://online.securityfocus.com/archive/1/263181 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:34:55.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "4328", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4328" }, { "name": "webmin-directory-permissions(8595)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-03-20T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user\u0027s cookie-based authentication credentials and possibly hijack the root user\u0027s session using the credentials." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "4328", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4328" }, { "name": "webmin-directory-permissions(8595)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/263181" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-1672", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user\u0027s cookie-based authentication credentials and possibly hijack the root user\u0027s session using the credentials." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "4328", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4328" }, { "name": "webmin-directory-permissions(8595)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "name": "20020320 Local privalege escalation issues with Webmin 0.92", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/263181" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-1672", "datePublished": "2005-06-21T04:00:00", "dateReserved": "2005-06-21T00:00:00", "dateUpdated": "2024-08-08T03:34:55.701Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12670
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.webmin.com/security.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.560Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T15:56:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12670", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. 
This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12670", "datePublished": "2020-10-12T15:56:28", "dateReserved": "2020-05-06T00:00:00", "dateUpdated": "2024-08-04T12:04:22.560Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-19191
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html | x_refsource_MISC | |
http://www.webmin.com/index.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:30:04.199Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2019-01-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-03-17T21:27:18", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-19191", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "name": "http://www.webmin.com/index.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-19191", "datePublished": "2019-03-17T21:27:18", "dateReserved": "2018-11-11T00:00:00", "dateUpdated": "2024-08-05T11:30:04.199Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15107
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:34:53.279Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/47230" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin \u003c=1.920. The parameter old in password_change.cgi contains a command injection vulnerability." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-27T20:41:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/47230" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15107", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Webmin \u003c=1.920. The parameter old in password_change.cgi contains a command injection vulnerability." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://www.exploit-db.com/exploits/47230", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/47230" }, { "name": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "name": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "name": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "name": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "name": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "name": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection", "refsource": "MISC", "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15107", "datePublished": "2019-08-16T02:44:04", "dateReserved": "2019-08-15T00:00:00", "dateUpdated": "2024-08-05T00:34:53.279Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-15641
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/ | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T00:56:22.070Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-26T17:07:38", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-15641", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/", "refsource": "MISC", "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-15641", "datePublished": "2019-08-26T17:07:38", "dateReserved": "2019-08-26T00:00:00", "dateUpdated": "2024-08-05T00:56:22.070Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38309
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.681Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38309", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:49:21.693543Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:49:35.023Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the \"Search for Package\" field, which gets reflected back in the application\u0027s response, leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38309", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:49:35.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38307
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.239Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38307", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:50:31.767656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:50:42.240Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user\u0027s real name." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38307", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:50:42.240Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1937
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://openwall.com/lists/oss-security/2011/05/24/7 | mailing-list, x_refsource_MLIST | |
http://www.youtube.com/watch?v=CUO7JLIGUf0 | x_refsource_MISC | |
http://securitytracker.com/id?1025438 | vdb-entry, x_refsource_SECTRACK | |
http://www.securityfocus.com/archive/1/517658 | mailing-list, x_refsource_BUGTRAQ | |
https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881 | x_refsource_CONFIRM | |
http://openwall.com/lists/oss-security/2011/05/22/1 | mailing-list, x_refsource_MLIST | |
http://www.mandriva.com/security/advisories?name=MDVSA-2011:109 | vendor-advisory, x_refsource_MANDRIVA | |
http://securityreason.com/securityalert/8264 | third-party-advisory, x_refsource_SREASON | |
http://javierb.com.ar/2011/04/24/xss-webmin-1-540/ | x_refsource_MISC | |
http://www.securityfocus.com/bid/47558 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:46:00.806Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "name": "1025438", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025438" }, { "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "name": "MDVSA-2011:109", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "name": "8264", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8264" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "name": "47558", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47558" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": 
"2011-04-23T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-07T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "name": "1025438", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025438" }, { "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "name": "MDVSA-2011:109", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "name": "8264", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8264" }, { "tags": [ "x_refsource_MISC" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "name": "47558", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": 
"http://www.securityfocus.com/bid/47558" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-1937", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20110524 Re: CVE Request: Webmin Local Privilege Escalation Vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "name": "http://www.youtube.com/watch?v=CUO7JLIGUf0", "refsource": "MISC", "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "name": "1025438", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025438" }, { "name": "20110424 XSS in Webmin 1.540 + exploit for privilege escalation", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517658" }, { "name": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "name": "[oss-security] 20110522 CVE Request: Webmin Local Privilege Escalation Vulnerability", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "name": "MDVSA-2011:109", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { 
"name": "8264", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8264" }, { "name": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/", "refsource": "MISC", "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "name": "47558", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47558" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1937", "datePublished": "2011-05-31T20:00:00", "dateReserved": "2011-05-09T00:00:00", "dateUpdated": "2024-08-06T22:46:00.806Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-43309
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T19:37:23.382Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-43309", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-24T18:21:22.413397Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-24T18:21:30.242Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-21T13:40:52.923212", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-43309", "datePublished": "2023-09-21T00:00:00", "dateReserved": "2023-09-18T00:00:00", "dateUpdated": "2024-09-24T18:21:30.242Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40984
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.490Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40984", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:37:38.309801Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:38:02.147Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T00:46:32.383216", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40984", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:38:02.147Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2007-5066
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.webmin.com/security.html | x_refsource_CONFIRM | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36759 | vdb-entry, x_refsource_XF | |
http://www.vupen.com/english/advisories/2007/3243 | vdb-entry, x_refsource_VUPEN | |
http://osvdb.org/40772 | vdb-entry, x_refsource_OSVDB | |
http://secunia.com/advisories/26885 | third-party-advisory, x_refsource_SECUNIA | |
http://www.securityfocus.com/bid/25773 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id?1018731 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T15:17:28.101Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "name": "webmin-url-command-execution(36759)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "name": "ADV-2007-3243", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "name": "40772", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/40772" }, { "name": "26885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/26885" }, { "name": "25773", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/25773" }, { "name": "1018731", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1018731" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-09-24T00:00:00", "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/security.html" }, { "name": "webmin-url-command-execution(36759)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "name": "ADV-2007-3243", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "name": "40772", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/40772" }, { "name": "26885", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/26885" }, { "name": "25773", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/25773" }, { "name": "1018731", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1018731" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-5066", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/security.html" }, { "name": "webmin-url-command-execution(36759)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "name": "ADV-2007-3243", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "name": "40772", "refsource": "OSVDB", "url": "http://osvdb.org/40772" }, { "name": "26885", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26885" }, { "name": "25773", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25773" }, { "name": "1018731", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018731" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-5066", "datePublished": "2007-09-24T23:00:00", "dateReserved": "2007-09-24T00:00:00", "dateUpdated": "2024-08-07T15:17:28.101Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40986
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.273Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40986", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:34:21.045135Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:34:38.856Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T00:23:09.645281", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40986", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:34:38.856Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40985
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "http://webmin.com" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40985", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T15:36:11.791675Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T15:36:46.617Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when any file is searched/replaced." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T00:35:18.399295", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "http://webmin.com" }, { "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40985", "datePublished": "2023-09-15T00:00:00", "dateReserved": "2023-08-22T00:00:00", "dateUpdated": "2024-09-25T15:36:46.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-0829
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e | x_refsource_CONFIRM | |
https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 | x_refsource_MISC | |
https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | x_refsource_MISC |
Vendor | Product | Version | |
---|---|---|---|
▼ | webmin | webmin/webmin |
Version: unspecified < 1.990 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T23:40:04.449Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "webmin/webmin", "vendor": "webmin", "versions": [ { "lessThan": "1.990", "status": "affected", "version": "unspecified", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper Authorization in GitHub repository webmin/webmin prior to 1.990." } ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285 Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-04T10:05:12", "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntrdev" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "source": { "advisory": "f2d0389f-d7d1-4f34-9f9d-268b0a0da05e", "discovery": "EXTERNAL" }, "title": "Improper Authorization in webmin/webmin", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@huntr.dev", "ID": "CVE-2022-0829", "STATE": "PUBLIC", "TITLE": "Improper Authorization in webmin/webmin" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "webmin/webmin", "version": { "version_data": [ { "version_affected": "\u003c", "version_value": "1.990" } ] } } ] }, "vendor_name": "webmin" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Improper Authorization in GitHub repository webmin/webmin prior to 1.990." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285 Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e", "refsource": "CONFIRM", "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "name": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "name": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html", "refsource": "MISC", "url": 
"https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ] }, "source": { "advisory": "f2d0389f-d7d1-4f34-9f9d-268b0a0da05e", "discovery": "EXTERNAL" } } } }, "cveMetadata": { "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "assignerShortName": "@huntrdev", "cveId": "CVE-2022-0829", "datePublished": "2022-03-02T12:10:12", "dateReserved": "2022-03-02T00:00:00", "dateUpdated": "2024-08-02T23:40:04.449Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-0339
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.webmin.com/changes.html | x_refsource_CONFIRM | |
http://seclists.org/fulldisclosure/2014/Mar/274 | mailing-list, x_refsource_FULLDISC | |
http://www.kb.cert.org/vuls/id/381692 | third-party-advisory, x_refsource_CERT-VN | |
http://www-01.ibm.com/support/docview.wss?uid=swg21679713 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/66248 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T09:13:09.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "name": "VU#381692", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "name": "66248", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/66248" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-03-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2015-06-02T14:57:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "name": "VU#381692", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "name": "66248", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/66248" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2014-0339", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "20140315 Reflected XSS Attacks XSS vulnerabilities in Webmin 1.670 (CVE-2014-0339)", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "name": "VU#381692", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/381692" }, { "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713", "refsource": "CONFIRM", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "name": "66248", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66248" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2014-0339", "datePublished": "2014-03-16T10:00:00", "dateReserved": "2013-12-05T00:00:00", "dateUpdated": "2024-08-06T09:13:09.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38304
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.266Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38304", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-18T20:26:02.096186Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-18T20:26:11.110Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38304", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-18T20:26:11.110Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2006-3392
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T18:30:32.634Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "21365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21365" }, { "name": "GLSA-200608-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "name": "21105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/21105" }, { "name": "18744", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/18744" }, { "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "name": "VU#999601", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "20060630 Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": 
"http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "name": "20892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20892" }, { "name": "MDKSA-2006:125", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "name": "ADV-2006-2612", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "name": "26772", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/26772" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/22556" }, { "name": "20060711 Re: Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM", "x_transferred" ], "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2006-06-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "21365", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21365" }, { "name": "GLSA-200608-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/changes.html" }, { "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "name": "21105", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/21105" }, { "name": "18744", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/18744" }, { "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "name": "VU#999601", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "name": "DSA-1199", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "20060630 Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "name": "20892", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], 
"url": "http://secunia.com/advisories/20892" }, { "name": "MDKSA-2006:125", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "name": "ADV-2006-2612", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "name": "26772", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/26772" }, { "name": "22556", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/22556" }, { "name": "20060711 Re: Webmin traversal - changelog", "tags": [ "mailing-list", "x_refsource_VIM" ], "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3392", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21365", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21365" }, { "name": "GLSA-200608-11", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "name": "http://www.webmin.com/changes.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/changes.html" }, { "name": "20060710 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "name": "21105", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21105" }, { "name": "18744", "refsource": "BID", "url": "http://www.securityfocus.com/bid/18744" }, { "name": "20060715 Webmin / Usermin Arbitrary File Disclosure Vulnerability Perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "name": "20060715 Re: Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "name": "VU#999601", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/999601" }, { "name": "DSA-1199", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "name": "20060630 Webmin traversal - changelog", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "name": "20892", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20892" }, { "name": "MDKSA-2006:125", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "name": "ADV-2006-2612", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "name": "20060709 Webmin / Usermin Arbitrary File Disclosure Vulnerability exploit", "refsource": "BUGTRAQ", "url": 
"http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "name": "26772", "refsource": "OSVDB", "url": "http://www.osvdb.org/26772" }, { "name": "22556", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22556" }, { "name": "20060711 Re: Webmin traversal - changelog", "refsource": "VIM", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3392", "datePublished": "2006-07-06T20:00:00", "dateReserved": "2006-07-06T00:00:00", "dateUpdated": "2024-08-07T18:30:32.634Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32158
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/Mesh3l911/CVE-2021-32158 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.367Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32158" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:40:27", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32158" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32158", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32158", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32158" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32158", "datePublished": "2022-04-11T05:40:27", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.367Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38306
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:12.246Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38306", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:51:06.893501Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:51:13.901Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38306", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:51:13.901Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41155
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:54:04.491Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41155", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-25T20:39:47.299305Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-25T20:39:56.424Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-13T21:41:29.263678", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-41155", "datePublished": "2023-09-13T00:00:00", "dateReserved": "2023-08-24T00:00:00", "dateUpdated": "2024-09-25T20:39:56.424Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32157
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://github.com/Mesh3l911/CVE-2021-32157 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.177Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:38:51", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32157", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32157", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32157", "datePublished": "2022-04-11T05:38:51", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.177Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2003-0101
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T01:43:35.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-319", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2003/dsa-319" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "name": "20030224 GLSA: usermin (200302-14)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "name": "N-058", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC", "x_transferred" ], "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "name": "8163", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8163" }, { "name": "MDKSA-2003:025", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "name": "HPSBUX0303-250", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "name": "8115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/8115" }, { "name": "1006160", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1006160" }, { "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "name": "ESA-20030225-006", "tags": [ "vendor-advisory", "x_refsource_ENGARDE", "x_transferred" ], "url": 
"http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "name": "20030224 Webmin 1.050 - 1.060 remote exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "name": "20030602-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "name": "webmin-usermin-root-access(11390)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "name": "6915", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/6915" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2003-02-24T00:00:00", "descriptions": [ { "lang": "en", "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-10-17T13:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-319", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2003/dsa-319" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "name": "20030224 GLSA: usermin (200302-14)", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "name": "N-058", "tags": [ "third-party-advisory", "government-resource", "x_refsource_CIAC" ], "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "name": "8163", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8163" }, { "name": "MDKSA-2003:025", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "name": "HPSBUX0303-250", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "name": "8115", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/8115" }, { "name": "1006160", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1006160" }, { "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "name": "ESA-20030225-006", "tags": [ "vendor-advisory", "x_refsource_ENGARDE" ], "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "name": "20030224 Webmin 1.050 - 1.060 remote exploit", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "name": "20030602-01-I", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "name": "webmin-usermin-root-access(11390)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "name": "6915", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/6915" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2003-0101", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-319", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2003/dsa-319" }, { "name": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html", "refsource": "CONFIRM", "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "name": "20030224 GLSA: usermin (200302-14)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "name": "N-058", "refsource": "CIAC", "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "name": "8163", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8163" }, { "name": "MDKSA-2003:025", "refsource": "MANDRAKE", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "name": "HPSBUX0303-250", "refsource": "HP", "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "name": "8115", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/8115" }, { "name": "1006160", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1006160" }, { "name": "20030224 [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability \"Episode 2\"", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "name": "ESA-20030225-006", "refsource": "ENGARDE", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "name": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2", "refsource": "CONFIRM", "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "name": "20030224 Webmin 1.050 - 1.060 remote exploit", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "name": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html", "refsource": "MISC", "url": 
"http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "name": "20030602-01-I", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "name": "webmin-usermin-root-access(11390)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/11390.php" }, { "name": "6915", "refsource": "BID", "url": "http://www.securityfocus.com/bid/6915" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2003-0101", "datePublished": "2003-02-26T05:00:00", "dateReserved": "2003-02-24T00:00:00", "dateUpdated": "2024-08-08T01:43:35.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38305
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:39:13.450Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "tags": [ "x_transferred" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-38305", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-22T17:57:24.792491Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-22T17:57:31.188Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when the download link is accessed." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-31T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://webmin.com/tags/webmin-changelog/" }, { "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-38305", "datePublished": "2023-07-31T00:00:00", "dateReserved": "2023-07-14T00:00:00", "dateUpdated": "2024-10-22T17:57:31.188Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2002-0757
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.iss.net/security_center/static/9037.php | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/4700 | vdb-entry, x_refsource_BID | |
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | vendor-advisory, x_refsource_MANDRAKE | |
http://online.securityfocus.com/archive/1/271466 | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T03:03:47.946Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "webmin-usermin-sessionid-spoof(9037)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "name": "4700", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/4700" }, { "name": "MDKSA-2002:033", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://online.securityfocus.com/archive/1/271466" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2002-05-08T00:00:00", "descriptions": [ { "lang": "en", "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-07-31T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "webmin-usermin-sessionid-spoof(9037)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "name": "4700", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/4700" }, { "name": "MDKSA-2002:033", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://online.securityfocus.com/archive/1/271466" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0757", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "webmin-usermin-sessionid-spoof(9037)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/9037.php" }, { "name": "4700", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4700" }, { "name": "MDKSA-2002:033", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "name": "20020508 [SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability", "refsource": "BUGTRAQ", "url": "http://online.securityfocus.com/archive/1/271466" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0757", "datePublished": "2002-07-26T04:00:00", "dateReserved": "2002-07-25T00:00:00", "dateUpdated": "2024-08-08T03:03:47.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2004-0559
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.webmin.com/uchanges-1.089.html | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/11153 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/12488/ | third-party-advisory, x_refsource_SECUNIA | |
http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T00:24:25.802Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.webmin.com/uchanges-1.089.html" }, { "name": "11153", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/11153" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-installation-unspecified(17299)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2004-09-08T00:00:00", "descriptions": [ { "lang": "en", "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.webmin.com/uchanges-1.089.html" }, { "name": "11153", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/11153" }, { "name": "12488", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-installation-unspecified(17299)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-0559", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/uchanges-1.089.html", "refsource": "CONFIRM", "url": "http://www.webmin.com/uchanges-1.089.html" }, { "name": "11153", "refsource": "BID", "url": "http://www.securityfocus.com/bid/11153" }, { "name": "12488", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12488/" }, { "name": "GLSA-200409-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "name": "usermin-installation-unspecified(17299)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-0559", "datePublished": "2004-09-24T04:00:00", "dateReserved": "2004-06-14T00:00:00", "dateUpdated": "2024-08-08T00:24:25.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36452
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.1, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36452", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:29:35.481782Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-05T21:12:24.776Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.210Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "versions prior to 2.003" } ] } ], "descriptions": [ { "lang": "en", "value": "Cross-site request forgery vulnerability exists in ajaxterm module of Webmin versions prior to 2.003. If this vulnerability is exploited, unintended operations may be performed when a user views a malicious page while logged in. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted." 
} ], "problemTypes": [ { "descriptions": [ { "description": "Cross-site request forgery (CSRF)", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:01:48.896Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36452", "datePublished": "2024-07-10T07:01:48.896Z", "dateReserved": "2024-05-28T05:38:38.739Z", "dateUpdated": "2024-11-05T21:12:24.776Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-17089
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/102339 | vdb-entry, x_refsource_BID | |
https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T20:43:59.825Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "102339", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/102339" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-12-30T00:00:00", "descriptions": [ { "lang": "en", "value": "custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-03T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "102339", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/102339" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-17089", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "102339", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102339" }, { "name": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-17089", "datePublished": "2017-12-30T17:00:00", "dateReserved": "2017-12-01T00:00:00", "dateUpdated": "2024-08-05T20:43:59.825Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2001-1530
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html | mailing-list, x_refsource_VULNWATCH | |
http://www.securiteam.com/unixfocus/6R00M0K2UC.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-08T04:58:11.438Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "20011022 Webmin 0.88 temporary insecure file creation, root compromise", "tags": [ "mailing-list", "x_refsource_VULNWATCH", "x_transferred" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2005-07-14T04:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "20011022 Webmin 0.88 temporary insecure file creation, root compromise", "tags": [ "mailing-list", "x_refsource_VULNWATCH" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2001-1530", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which 
allows local users to execute arbitrary commands." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "20011022 Webmin 0.88 temporary insecure file creation, root compromise", "refsource": "VULNWATCH", "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "name": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html", "refsource": "MISC", "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2001-1530", "datePublished": "2005-07-14T04:00:00Z", "dateReserved": "2005-07-14T00:00:00Z", "dateUpdated": "2024-09-16T20:43:21.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-31761
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/webmin/webmin | x_refsource_MISC | |
https://youtu.be/23VvUMu-28c | x_refsource_MISC | |
https://github.com/Mesh3l911/CVE-2021-31761 | x_refsource_MISC | |
https://github.com/electronicbots/CVE-2021-31761 | x_refsource_MISC | |
http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:03:33.750Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://youtu.be/23VvUMu-28c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin\u0027s running process feature." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-20T15:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin" }, { "tags": [ "x_refsource_MISC" ], "url": "https://youtu.be/23VvUMu-28c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-31761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin\u0027s running process feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/webmin/webmin", "refsource": "MISC", "url": "https://github.com/webmin/webmin" }, { "name": "https://youtu.be/23VvUMu-28c", "refsource": "MISC", "url": "https://youtu.be/23VvUMu-28c" }, { "name": "https://github.com/Mesh3l911/CVE-2021-31761", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "name": "https://github.com/electronicbots/CVE-2021-31761", "refsource": "MISC", "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "name": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-31761", "datePublished": "2021-04-25T18:30:40", "dateReserved": "2021-04-23T00:00:00", "dateUpdated": "2024-08-03T23:03:33.750Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15646
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
http://www.webmin.com/security.html | x_refsource_MISC | |
https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | x_refsource_MISC | |
https://blogs.securiteam.com/index.php/archives/3430 | x_refsource_MISC | |
http://www.webmin.com/changes.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:57:27.458Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.webmin.com/changes.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Webmin before 1.860 has XSS with resultant remote code execution. Under the \u0027Others/File Manager\u0027 menu, there is a \u0027Download from remote URL\u0027 option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name=\u0027cmd\u0027 input element." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-19T22:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/security.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.webmin.com/changes.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15646", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin before 1.860 has XSS with resultant remote code execution. Under the \u0027Others/File Manager\u0027 menu, there is a \u0027Download from remote URL\u0027 option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name=\u0027cmd\u0027 input element." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.webmin.com/security.html", "refsource": "MISC", "url": "http://www.webmin.com/security.html" }, { "name": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9", "refsource": "MISC", "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "name": "https://blogs.securiteam.com/index.php/archives/3430", "refsource": "MISC", "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "name": "http://www.webmin.com/changes.html", "refsource": "MISC", "url": "http://www.webmin.com/changes.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15646", "datePublished": "2017-10-19T22:00:00Z", "dateReserved": "2017-10-19T00:00:00Z", "dateUpdated": "2024-09-17T00:11:41.559Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-8821
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.webmin.com/security.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T10:12:10.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.webmin.com/security.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2020-10-01T00:00:00", "descriptions": [ { "lang": "en", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-10-12T15:54:34", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.webmin.com/security.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-8821", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). 
Changes are kept across users." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.webmin.com/security.html", "refsource": "MISC", "url": "https://www.webmin.com/security.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-8821", "datePublished": "2020-10-12T15:54:34", "dateReserved": "2020-02-10T00:00:00", "dateUpdated": "2024-08-04T10:12:10.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-36451
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "webmin", "vendor": "gentoo", "versions": [ { "lessThan": "2.003", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-36451", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-10T13:43:10.942023Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-280", "description": "CWE-280 Improper Handling of Insufficient Permissions or Privileges ", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T13:44:57.574Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T03:37:05.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://webmin.com/" }, { "tags": [ "x_transferred" ], "url": "https://jvn.jp/en/jp/JVN81442045/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Webmin", "vendor": "Webmin", "versions": [ { "status": "affected", "version": "prior to 2.003" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper handling of insufficient permissions or privileges vulnerability exists in ajaxterm module of Webmin prior to 2.003. 
If this vulnerability is exploited, a console session may be hijacked by an unauthorized user. As a result, data within a system may be referred, a webpage may be altered, or a server may be permanently halted." } ], "problemTypes": [ { "descriptions": [ { "description": "Improper Handling of Insufficient Permissions or Privileges", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-10T07:01:26.121Z", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert" }, "references": [ { "url": "https://webmin.com/" }, { "url": "https://jvn.jp/en/jp/JVN81442045/" } ] } }, "cveMetadata": { "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2024-36451", "datePublished": "2024-07-10T07:01:26.121Z", "dateReserved": "2024-05-28T05:38:38.739Z", "dateUpdated": "2024-08-02T03:37:05.144Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32159
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/Mesh3l911/CVE-2021-32159 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.156Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:41:36", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32159", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32159", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32159", "datePublished": "2022-04-11T05:41:36", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.156Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2019-12840
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://www.exploit-db.com/exploits/46984 | x_refsource_MISC | |
https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html | x_refsource_MISC | |
http://www.securityfocus.com/bid/108790 | vdb-entry, x_refsource_BID | |
http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T23:32:55.415Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.exploit-db.com/exploits/46984" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "name": "108790", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/108790" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Webmin through 1.910, any user authorized to the \"Package Updates\" module can execute arbitrary commands with root privileges via the data parameter to update.cgi." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-06-20T20:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.exploit-db.com/exploits/46984" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "name": "108790", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/108790" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-12840", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Webmin through 1.910, any user authorized to the \"Package Updates\" module can execute arbitrary commands with root privileges via the data parameter to update.cgi." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.exploit-db.com/exploits/46984", "refsource": "MISC", "url": "https://www.exploit-db.com/exploits/46984" }, { "name": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html", "refsource": "MISC", "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "name": "108790", "refsource": "BID", "url": "http://www.securityfocus.com/bid/108790" }, { "name": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-12840", "datePublished": "2019-06-15T19:52:10", "dateReserved": "2019-06-15T00:00:00", "dateUpdated": "2024-08-04T23:32:55.415Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32160
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://github.com/Mesh3l911/CVE-2021-32160 | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:17:29.338Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Mesh3l911/CVE-2021-32160" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-11T05:43:44", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Mesh3l911/CVE-2021-32160" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-32160", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/Mesh3l911/CVE-2021-32160", "refsource": "MISC", "url": "https://github.com/Mesh3l911/CVE-2021-32160" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-32160", "datePublished": "2022-04-11T05:43:44", "dateReserved": "2021-05-07T00:00:00", "dateUpdated": "2024-08-03T23:17:29.338Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2019-9624)
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec | Third Party Advisory | |
cve@mitre.org | https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.exploit-db.com/exploits/46201 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/46201 | Exploit, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.900:*:*:*:*:*:*:*", "matchCriteriaId": "5CFDA9D0-AACA-4E88-9C05-B1E6195AF408", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the \"Java file manager\" and \"Upload and Download\" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI." }, { "lang": "es", "value": "Webmin 1.900 permite a los atacantes remotos ejecutar c\u00f3digo arbitrario, aprovechando los privilegios \"Java file manager\" y \"Upload and Download\" para subir un archivo .cgi manipulado mediante el URI /updown/upload.cgi." } ], "id": "CVE-2019-9624", "lastModified": "2024-11-21T04:51:59.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-07T05:29:01.410", "references": [ { "source": "cve@mitre.org", "tags": [ "Third 
Party Advisory" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46201" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.rapid7.com/db/modules/exploit/unix/webapp/webmin_upload_exec" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1900-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46201" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-269" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2023-52046)
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Acklee/webadmin_xss/blob/main/xss.md | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Acklee/webadmin_xss/blob/main/xss.md | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "31EF125F-925E-4A9B-B100-2A9840924559", "versionEndIncluding": "2.105", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability (XSS) in webmin v.2.105 and earlier allows a remote attacker to execute arbitrary code via a crafted payload to the \"Execute cron job as\" tab Input field." }, { "lang": "es", "value": "Vulnerabilidad de cross site scripting (XSS) en webmin v.2.105 y versiones anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el campo de entrada de la pesta\u00f1a \"Execute cron job as\"." } ], "id": "CVE-2023-52046", "lastModified": "2024-11-21T08:39:04.817", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-25T21:15:08.730", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Acklee/webadmin_xss/blob/main/xss.md" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down." } ], "id": "CVE-2023-41163", "lastModified": "2024-11-21T08:20:42.290", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-30T22:15:10.297", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html | Patch, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/9036.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/4694 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9036.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4694 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies." 
}, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados en la p\u00e1gina de autenticaci\u00f3n de:\r\n\r\n Webmin 0.96\r\n Usermin 0.90\r\n\r\nque permite a atacantes remotos la inserci\u00f3n de c\u00f3digo en una p\u00e1gina de error y posiblemente el robo de cookies." } ], "id": "CVE-2002-0756", "lastModified": "2024-11-20T23:39:47.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0040.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9036.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4694" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin\u0027s add users feature, and then get a reverse shell through Webmin\u0027s running process feature." }, { "lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para crear un usuario privilegiado mediante la funcionalidad Webmin\u0027s add users, y luego obtener un shell inverso mediante la funcionalidad Webmin\u0027s running process" } ], "id": "CVE-2021-31762", "lastModified": "2024-11-21T06:06:11.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-25T19:15:08.240", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/qCvEXwyaF5U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/qCvEXwyaF5U" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.962:*:*:*:*:*:*:*", "matchCriteriaId": "89E73E98-9324-4DC9-8A7E-4A06D8C3A686", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program." }, { "lang": "es", "value": "El archivo miniserv.pl en Webmin versi\u00f3n 1.962 en Windows, maneja inapropiadamente unos caracteres especiales en los argumentos de consulta para el programa CGI" } ], "id": "CVE-2020-35769", "lastModified": "2024-11-21T05:28:02.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-29T06:15:13.773", 
"references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/1163f3a7f418f249af64890f4636575e687e9de7#diff-9b33fd8f5603d4f0d1428689bc36f24af4770608a22c0d92b7a8bcc522450dc6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://vigilance.fr/vulnerability/Webmin-code-execution-via-miniserv-pl-handle-request-34220" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A946EA8C-A37B-497C-96F0-68F5AD312139", "versionEndIncluding": "1.850", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/\u0026cmd= in the URI, an attacker can execute arbitrary commands." }, { "lang": "es", "value": "Existe CSRF en Webmin 1.850. Enviando una petici\u00f3n GET a at/create_job.cgi que contenga dir=/cmd= en la URI, un atacante puede ejecutar comandos arbitrarios." } ], "id": "CVE-2017-15645", "lastModified": "2024-11-21T03:14:56.593", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T22:29:00.277", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { 
"source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B0BF214-8325-44C1-88F1-722E50F04A72", "versionEndIncluding": "1.670", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*", "matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*", "matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*", "matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*", "matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*", "matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*", "matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter." }, { "lang": "es", "value": "Vulnerabilidad de XSS en view.cgi en Webmin anterior a 1.680 permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro search." 
} ], "id": "CVE-2014-0339", "lastModified": "2024-11-21T02:01:54.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-03-16T14:06:45.147", "references": [ { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "source": "cret@cert.org", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "source": "cret@cert.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/66248" }, { "source": "cret@cert.org", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Mar/274" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21679713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/381692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/66248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", 
"type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A946EA8C-A37B-497C-96F0-68F5AD312139", "versionEndIncluding": "1.850", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 1.860 has XSS with resultant remote code execution. Under the \u0027Others/File Manager\u0027 menu, there is a \u0027Download from remote URL\u0027 option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name=\u0027cmd\u0027 input element." }, { "lang": "es", "value": "Webmin, en versiones anteriores a la 1.860, tiene XSS que puede resultar en la ejecuci\u00f3n remota de c\u00f3digo. En el men\u00fa \"Others/File Manager\", hay una opci\u00f3n \"Download from remote URL\" (descarga desde URL remota) para descargar un archivo desde un servidor remoto. Despu\u00e9s de establecer un servidor malicioso, el atacante puede esperar una petici\u00f3n de descarga de archivo y entonces enviar un payload XSS que dar\u00e1 lugar a la ejecuci\u00f3n remota de c\u00f3digo. Esto ha sido demostrado por un comando de sistema operativo en el atributo valor de un elemento de entrada name=\u0027cmd\u0027." 
} ], "id": "CVE-2017-15646", "lastModified": "2024-11-21T03:14:56.730", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T22:29:00.323", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin\u0027s running process feature." }, { "lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) reflejado para lograr una ejecuci\u00f3n de comandos remota por medio de la funcionalidad Webmin\u0027s running process" } ], "id": "CVE-2021-31761", "lastModified": "2024-11-21T06:06:11.657", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-25T19:15:08.207", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "source": "cve@mitre.org", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/23VvUMu-28c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31761" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/23VvUMu-28c" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "52FDD9E6-97F7-48AB-ACB8-689E3470143C", "versionEndExcluding": "1.180", "versionStartIncluding": "1.100", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "8A834E83-26D4-4B71-AE8B-46EF532464B0", "versionEndExcluding": "1.250", "versionStartIncluding": "1.200", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl." 
} ], "id": "CVE-2005-3912", "lastModified": "2024-11-21T00:03:02.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-11-30T11:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://secunia.com/advisories/17749" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17817" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17878" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17942" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/18101" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges-1.180.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://secunia.com/advisories/17749" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17817" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17878" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/17942" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/18101" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2006/dsa-1199" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://www.dyadsecurity.com/webmin-0001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:223" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.novell.com/linux/security/advisories/2005_30_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/archive/1/418093/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.vupen.com/english/advisories/2005/2660" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes-1.250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges-1.180.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "26B92F53-3598-44F5-8CE1-A04A28EFF92E", "versionEndIncluding": "1.210", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3A061012-19EE-4A9E-9AFC-75DF24D316C5", "versionEndIncluding": "1.2.80", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using \"..%01\" sequences, which bypass the removal of \"../\" sequences before bytes such as \"%01\" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274." }, { "lang": "es", "value": "Las aplicaciones Webmin antes de su versi\u00f3n 1.290 y Usermin antes de la 1.220 llaman a la funci\u00f3n simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias \"..%01\", evitando de esta manera la supresi\u00f3n del nombre de fichero de las secuencias \"../\" anteriores a octetos del estilo de \"%01\". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274." 
} ], "id": "CVE-2006-3392", "lastModified": "2024-11-21T00:13:31.093", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-07-06T20:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" }, { "source": "cve@mitre.org", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20892" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21105" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21365" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26772" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18744" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-July/000923.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://attrition.org/pipermail/vim/2006-June/000912.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/20892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/21105" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21365" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/22556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200608-11.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/999601" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:125" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.osvdb.org/26772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.securityfocus.com/archive/1/439653/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440125/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440466/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440493/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18744" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2612" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "876EE957-11A6-4B93-9EE5-820FD954324F", "versionEndIncluding": "1.220", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", 
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*", "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "63F9D04D-D42B-47E1-B63A-BD7C943EB03D", "versionEndIncluding": "1.2.90", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null (\"%00\") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs." }, { "lang": "es", "value": "Webmin anterior a 1.296 y Usermin anterior a 1.226 no dirigidas adecuadamente una URL con un caracter nulo (\"%00\"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el c\u00f3digo fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas." 
} ], "evaluatorSolution": "This vulnerability is addressed in the following product releases:\r\nWebmin, Webmin, 1.296\r\nUsermin, Usermin, 1.226", "id": "CVE-2006-4542", "lastModified": "2024-11-21T00:16:12.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-09-05T23:04:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21690" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22087" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22114" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/22556" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016776" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016777" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://webmin.com/security.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/28337" }, { "source": "cve@mitre.org", 
"url": "http://www.osvdb.org/28338" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19820" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://jvn.jp/jp/JVN%2399776858/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/21690" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22087" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22114" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/22556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016776" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-1199" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:170" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/28338" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19820" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor 
Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/3424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28699" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | https://jvn.jp/en/jp/JVN81442045/ | Third Party Advisory | |
vultures@jpcert.or.jp | https://webmin.com/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/jp/JVN81442045/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/ | Product |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "681492C6-0496-4F86-9D53-EA041BDEDE55", "versionEndExcluding": "1.910", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting vulnerability exists in sysinfo.cgi of Webmin versions prior to 1.910. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a session ID may be obtained, a webpage may be altered, or a server may be halted." }, { "lang": "es", "value": "Existe una vulnerabilidad de Cross Site Scripting en sysinfo.cgi de versiones de Webmin anteriores a la 1.910. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio web utilizando el producto. Como resultado, se puede obtener una ID de sesi\u00f3n, se puede modificar una p\u00e1gina web o se puede detener un servidor." 
} ], "id": "CVE-2024-36450", "lastModified": "2024-11-21T09:22:12.533", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-07-10T07:15:02.893", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN81442045/" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Product" ], "url": "https://webmin.com/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://jvn.jp/en/jp/JVN81442045/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://webmin.com/" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/ | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/ | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6E473E7-13BE-452A-A7DA-3C0BEC89866E", "versionEndIncluding": "1.930", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi." }, { "lang": "es", "value": "xmlrpc.cgi en Webmin a trav\u00e9s de 1.930 permite ataques XXE autenticados. De forma predeterminada, solo root, admin y sysadm pueden tener acceso a xmlrpc.cgi." } ], "id": "CVE-2019-15641", "lastModified": "2024-11-21T04:29:10.867", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-26T18:15:12.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-xxe-on-webmin/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-611" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.950 | |
webmin | webmin | 0.960 | |
webmin | webmin | 0.970 | |
webmin | webmin | 0.980 | |
webmin | webmin | 0.990 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests." 
} ], "id": "CVE-2002-2360", "lastModified": "2024-11-20T23:43:29.847", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/9983.php" }, { "source": "cve@mitre.org", "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/5591" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/9983.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securiteam.com/unixfocus/5CP0R1P80G.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/5591" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD9A726E-9D24-40A5-A82A-B7D1B4EE3677", "versionEndIncluding": "1.280", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E60E962F-8A39-481D-B272-BEA4A2E02A99", "versionEndIncluding": "1.340", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo pam_login.cgi en webmin versiones anteriores a 1.350 y Usermin versiones anteriores a 1.280, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro (1) cid, (2) message o (3) question. NOTA: algunos de estos datos son obtenidos a partir de la informaci\u00f3n de terceros." 
} ], "id": "CVE-2007-3156", "lastModified": "2024-11-21T00:32:32.250", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-06-11T22:30:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/36932" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25580" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25785" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25956" }, { "source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24381" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.350.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/36932" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/25580" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/25785" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/25956" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200707-05.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:135" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/24381" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/2117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.350.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32156 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32156 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo cross-site request forgery (CSRF) en Webmin versi\u00f3n 1.973, por medio de la funcionalidad Scheduled Cron Jobs" } ], "id": "CVE-2021-32156", "lastModified": "2024-11-21T06:06:52.717", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.160", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32156" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
engardelinux | guardian_digital_webtool | 1.2 | |
usermin | usermin | 0.4 | |
usermin | usermin | 0.5 | |
usermin | usermin | 0.6 | |
usermin | usermin | 0.7 | |
usermin | usermin | 0.8 | |
usermin | usermin | 0.9 | |
usermin | usermin | 0.91 | |
usermin | usermin | 0.92 | |
usermin | usermin | 0.93 | |
usermin | usermin | 0.94 | |
usermin | usermin | 0.95 | |
usermin | usermin | 0.96 | |
usermin | usermin | 0.97 | |
usermin | usermin | 0.98 | |
usermin | usermin | 0.99 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.60 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:engardelinux:guardian_digital_webtool:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "91EB3988-0BFD-4BE8-A170-A99A32222540", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", 
"matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "BB1A2A26-1187-46BE-8EFC-F3C325679245", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges." }, { "lang": "es", "value": "miniserv.pl en Webmin anterior a 1.070 y Usermin antes de 1.000 no maneja adecuadamente metacaract\u00e9res como avance de l\u00ednea y retorno de carro (CRLF) en cadenas codificadas en Base-64 durante la autenticaci\u00f3n b\u00e1sica, lo que permite a atacantes remotos suplantar un ID de sesi\u00f3n y ganar privilegios de root." 
} ], "id": "CVE-2003-0101", "lastModified": "2024-11-20T23:43:57.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2003-03-03T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "source": "cve@mitre.org", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8115" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/8163" }, { "source": "cve@mitre.org", "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2003/dsa-319" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { 
"source": "cve@mitre.org", "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/6915" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1006160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20030602-01-I" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/hp/2003-q1/0063.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104610245624895\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104610300325629\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=104610336226274\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=webmin-announce\u0026m=104587858408101\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/8163" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ciac.org/ciac/bulletins/n-058.shtml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2003/dsa-319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/11390.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/english/snsadv_e/62_e.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.linuxsecurity.com/advisories/gentoo_advisory-2886.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2003:025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/6915" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1006160" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBB705F-B54E-4537-A487-7BA0B97FC389", "versionEndExcluding": "1.990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990." }, { "lang": "es", "value": "Un Control de Acceso Inapropiado para una Ejecuci\u00f3n de C\u00f3digo Remota en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990" } ], "id": "CVE-2022-0824", "lastModified": "2024-11-21T06:39:28.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", 
"scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-02T12:15:07.777", "references": [ { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" }, { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": 
"https://huntr.dev/bounties/d0049a96-de90-4b1a-9111-94de1044f295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-284" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when the download link is accessed." } ], "id": "CVE-2023-38305", "lastModified": "2024-11-21T08:13:17.233", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.607", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38305" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group." } ], "id": "CVE-2023-38304", "lastModified": "2024-11-21T08:13:17.080", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.547", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38304" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN02213197/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN02213197/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA", "versionEndIncluding": "1.680", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*", "matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*", "matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*", "matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*", "matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*", "matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*", "matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.670:*:*:*:*:*:*:*", "matchCriteriaId": "AE07D5AE-0277-493F-8362-C09285A024E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Webmin anterior a 1.690, cuando la comprobaci\u00f3n de referenciadores est\u00e1 deshabilitada, permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados. 
NOTA: esto podr\u00eda solaparse con CVE-2014-3924." } ], "id": "CVE-2014-3886", "lastModified": "2024-11-21T02:09:03.790", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-20T11:12:50.527", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN02213197/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000060" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": 
"6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message." 
} ], "id": "CVE-2004-1468", "lastModified": "2024-11-20T23:50:57.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11122" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/11122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32159 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32159 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Upload and Download feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versi\u00f3n 1.973, por medio de la funcionalidad Upload and Download" } ], "id": "CVE-2021-32159", "lastModified": "2024-11-21T06:06:53.143", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.393", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third 
Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32159" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
security@huntr.dev | https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 | Patch, Third Party Advisory | |
security@huntr.dev | https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e | Exploit, Third Party Advisory | |
security@huntr.dev | https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCBB705F-B54E-4537-A487-7BA0B97FC389", "versionEndExcluding": "1.990", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Authorization in GitHub repository webmin/webmin prior to 1.990." }, { "lang": "es", "value": "Una Autorizaci\u00f3n Inapropiada en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990" } ], "id": "CVE-2022-0829", "lastModified": "2024-11-21T06:39:28.880", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 5.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@huntr.dev", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-03-02T12:15:07.847", "references": [ { "source": "security@huntr.dev", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "source": "security@huntr.dev", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html" } ], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-285" } ], "source": "security@huntr.dev", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-863" } ], "source": "nvd@nist.gov", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | 0.1 | |
webmin | webmin | 0.2 | |
webmin | webmin | 0.3 | |
webmin | webmin | 0.4 | |
webmin | webmin | 0.5 | |
webmin | webmin | 0.6 | |
webmin | webmin | 0.7 | |
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.83 | |
webmin | webmin | 0.84 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.92.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file." 
} ], "id": "CVE-2002-1673", "lastModified": "2024-11-20T23:41:51.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/4329" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.securityfocus.com/bid/4329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8596" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32162 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32162 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 through the File Manager feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-site request forgery (CSRF) en Webmin versi\u00f3n 1.973, mediante la funcionalidad File Manager" } ], "id": "CVE-2021-32162", "lastModified": "2024-11-21T06:06:53.547", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.543", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32162" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
cve@mitre.org | http://www.webmin.com/security.html | Vendor Advisory | |
cve@mitre.org | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/changes.html | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.securiteam.com/index.php/archives/3430 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A946EA8C-A37B-497C-96F0-68F5AD312139", "versionEndIncluding": "1.850", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000." }, { "lang": "es", "value": "Existe SSRF en Webmin 1.850 mediante PATH_INFO a tunnel/link.cgi, como se ha demostrado por una petici\u00f3n GET para tunnel/link.cgi/http://INTRANET-IP:8000." } ], "id": "CVE-2017-15644", "lastModified": "2024-11-21T03:14:56.453", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-10-19T22:29:00.230", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", 
"tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://blogs.securiteam.com/index.php/archives/3430" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-918" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file." }, { "lang": "es", "value": "Una vulnerabilidad de cross-site scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar secuencias de comandos maliciosas mediante la inyecci\u00f3n de un payload preparado en el archivo Buscar en Resultados." } ], "id": "CVE-2023-40983", "lastModified": "2024-11-21T08:20:22.010", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T04:15:10.243", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40983" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.exploit-db.com/exploits/49318 | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://www.webmin.com/download.html | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.exploit-db.com/exploits/49318 | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/download.html | Product |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C8B8FAE-EA82-4465-9186-6ECE6C031521", "versionEndIncluding": "1.962", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840." }, { "lang": "es", "value": "Una ejecuci\u00f3n de comandos arbitraria puede ocurrir en Webmin versiones hasta 1.962. Cualquier usuario autorizado para el m\u00f3dulo Package Updates puede ejecutar comandos arbitrarios con privilegios root por medio de vectores que involucran %0A y %0C. NOTA: este problema se presenta debido a una correcci\u00f3n incompleta para el CVE-2019-12840" } ], "id": "CVE-2020-35606", "lastModified": "2024-11-21T05:27:41.330", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-12-21T20:15:12.617", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/49318" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://www.webmin.com/download.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/160676/Webmin-1.962-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/49318" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.pentest.com.tr/exploits/Webmin-1962-PU-Escape-Bypass-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://www.webmin.com/download.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la funci\u00f3n de Usermin Configuration de Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el campo Custom." } ], "id": "CVE-2023-40986", "lastModified": "2024-11-21T08:20:22.477", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T01:15:07.910", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40986" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://online.securityfocus.com/archive/1/271466 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | http://www.iss.net/security_center/static/9037.php | Patch, Vendor Advisory | |
cve@mitre.org | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | Patch | |
cve@mitre.org | http://www.securityfocus.com/bid/4700 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://online.securityfocus.com/archive/1/271466 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/9037.php | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4700 | Patch, Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations." 
}, { "lang": "es", "value": "Webmin 0.96 y Usermin 0.90 con tiempo de espera para contrase\u00f1as habilitado, permite a atacantes locales y posiblemente a remotos, evitar la autenticaci\u00f3n y obtener privilegios mediante ciertos caracteres de control en la informaci\u00f3n de autenticaci\u00f3n, que podr\u00eda forzar a Webmin o Usermin a aceptar combinaciones arbitrarias de usuario/sesi\u00f3n (username/session ID)." } ], "id": "CVE-2002-0757", "lastModified": "2024-11-20T23:39:48.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-08-12T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/271466" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4700" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://online.securityfocus.com/archive/1/271466" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/9037.php" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/4700" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "2F52798C-8D7B-46CD-A27A-E4378C631568", "versionEndIncluding": "0.99", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name." } ], "id": "CVE-2002-2201", "lastModified": "2024-11-20T23:43:07.060", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "source": "cve@mitre.org", "url": "http://www.iss.net/security_center/static/10052.php" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/updates.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.iss.net/security_center/static/10052.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/updates.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
webmin | webmin | 0.21 | |
webmin | webmin | 0.22 | |
webmin | webmin | 0.31 | |
webmin | webmin | 0.41 | |
webmin | webmin | 0.42 | |
webmin | webmin | 0.51 | |
webmin | webmin | 0.76 | |
webmin | webmin | 0.77 | |
webmin | webmin | 0.78 | |
webmin | webmin | 0.79 | |
webmin | webmin | 0.80 | |
webmin | webmin | 0.85 | |
webmin | webmin | 0.88 | |
webmin | webmin | 0.91 | |
webmin | webmin | 0.92 | |
webmin | webmin | 0.93 | |
webmin | webmin | 0.94 | |
webmin | webmin | 0.95 | |
webmin | webmin | 0.96 | |
webmin | webmin | 0.97 | |
webmin | webmin | 0.98 | |
webmin | webmin | 0.99 | |
webmin | webmin | 1.0.00 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session." 
} ], "id": "CVE-2002-1947", "lastModified": "2024-11-20T23:42:29.833", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5936" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.iss.net/security_center/static/10381.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/5936" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN34207650/index.html | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | http://www.securityfocus.com/bid/96227 | Third Party Advisory, VDB Entry | |
vultures@jpcert.or.jp | https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN34207650/index.html | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/96227 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7 | Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "137D2A3A-5ED0-4BE5-8E6B-73531C4100B8", "versionEndIncluding": "1.820", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Varias vulnerabilidades de secuencias de comandos entre sitios en Webmin versiones anteriores a 1.830 permiten a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados." } ], "id": "CVE-2017-2106", "lastModified": "2024-11-21T03:22:54.640", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-04-28T16:59:00.887", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", 
"VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96227" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://jvn.jp/en/jp/JVN34207650/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/96227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/475cc4fbdf51c865b291d252d81a58bad05de0c7" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "72A55881-A6A1-47F7-BEE5-E27981B2FE36", "versionEndIncluding": "1.2.70", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \\ (backslash) characters in the URL to certain directories under the web root, such as the image directory." }, { "lang": "es", "value": "Vulnerabilidad de salto de directorio en versiones de Webmin anteriores a la v1.280, cuando se ejecuta en Windows, permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s del car\u00e1cter \\ (barra invertida) en la URL a determinados directorios bajo la ra\u00edz Web, tales como el directorio de imagenes." 
} ], "evaluatorSolution": "Update to version 1.280.", "id": "CVE-2006-3274", "lastModified": "2024-11-21T00:13:13.753", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2006-06-28T22:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20777" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1161" }, { "source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016375" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/18613" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/jp/JVN%2367974490/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20777" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://securityreason.com/securityalert/1161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016375" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438149/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/18613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2493" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27366" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module." }, { "lang": "es", "value": "Vulnerabilidad desconocida en Webmin 1.140 permite a atacantes remotos saltarse reglas de control de acceso y conseguir acceso de lectura a informaci\u00f3n de configuraci\u00f3n de un m\u00f3dulo." } ], "id": "CVE-2004-0582", "lastModified": "2024-11-20T23:48:54.503", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "source": "cve@mitre.org", "url": 
"http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10522" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000848" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108697184602191\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/74_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10522" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16333" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "F3175C6B-A8BC-478B-A86B-D67DF656777C", "versionEndIncluding": "1.32", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3046F962-BD9C-4E67-B2A8-9664440317A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A83F4A87-03D8-461B-B64A-81E171C88119", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E777B661-B6A5-4033-85BA-4B17A7FDF905", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "866EC157-2F84-4382-B081-AB7BF9D5B649", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "E4DB1944-7DD9-480E-9479-69DC284F8A1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "842A041C-7252-49BF-AF8C-57CD61D875C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "BACD9446-5C6C-486F-AA95-C89435BD24B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "DBF2E55D-D1A5-4CB0-99AB-3FBAA16E79B6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "D1EA5D74-C150-479E-8A8B-4E1251A04895", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "5783CE2F-D0AD-4871-BD4E-31DE40887F56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "94611B8F-EFD0-47DD-8F96-37A74FFA7E00", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "A8AB5C49-4D3E-4A71-82CC-6866D7113671", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": 
"A9F3973E-03E5-416F-9B88-61CDB51B9E3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "560E8A6D-93B8-4252-ACE2-7BA9AE97A97F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "3A282895-E367-4445-84B9-07BF204B5100", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "973363CE-6A66-4BAF-8C11-D9B4911BF9A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "74E28AB1-D60A-4CFC-9133-552B7AA12D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "20B5FDD4-AD31-4985-97E2-179C0F6A6525", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "0C3551D4-9B28-4A29-9C30-D91C5D81F195", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "8EEF1E3D-F633-4594-8E65-6AB0B941E95A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "D32B0E0C-B72B-4F3D-ABAC-BBA5A6E242ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "70AC0911-928C-4087-9EA8-BF0CB25BDD56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "35B34A95-A9D1-454D-AE3A-A68AE11A60AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "EDE9ABF8-331F-4268-8D2A-692BEC8F98DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "8BD93C56-DE08-4CAC-A345-7C40C2CB0598", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "F540CEF3-C21D-48E5-84AD-81CF7C62A948", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": 
"E554657F-DF48-41F9-A2F6-4C311C2AC99A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "CA039A97-F28A-4216-B909-79EEBD8A6FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.120:*:*:*:*:*:*:*", "matchCriteriaId": "75B0C24B-7A62-4157-8CA8-5FA800F67C33", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "F3652F8E-A163-4337-BAE0-210757FC421D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "87E84FE0-ACF0-43D9-ACC2-D662D5488B8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "83419D0A-7C03-4F3E-9A95-25BA299D5961", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "72D4AAAF-A284-4FD9-B011-C822ED2DBAC9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "490DBC72-DADD-491E-AC18-4D4C178ABECD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "A455B1DC-03F9-4338-9BD5-9184434F7AA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "36C87163-EBC2-47DC-9865-9455CF066DB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "EDBED527-4698-44DC-8DFE-E107702C2D9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "15CFE78E-22EB-47B1-9BD3-0A093645304A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "D8CAB5C2-2F68-46F6-BF7D-12AEEB03BF66", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.280:*:*:*:*:*:*:*", "matchCriteriaId": "A5E20E3B-AC6A-4059-9C49-9AF4FADDFF30", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": 
"E7664DA2-5AC8-4A10-A7E9-4EA9AF5ABAEF", "versionEndIncluding": "1.390", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.51:*:*:*:*:*:*:*", "matchCriteriaId": "50C3D4D4-246A-4287-AA42-CFDD0C1AE22A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": 
"F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": 
"82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": 
"BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.60:*:*:*:*:*:*:*", 
"matchCriteriaId": "53663534-8617-47D7-B4B7-A6C0D6168E86", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.60:*:*:*:*:*:*:*", "matchCriteriaId": "9C219DAB-C13C-4232-8B98-2D7A9ED16E30", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.70:*:*:*:*:*:*:*", "matchCriteriaId": "F88507A8-6143-4FB7-8027-EFB0C981ED8A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.80:*:*:*:*:*:*:*", "matchCriteriaId": "E35C0772-8265-415F-A390-530640DB9599", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.90:*:*:*:*:*:*:*", "matchCriteriaId": "BFA35DAA-1DC2-41D2-ADC7-F922FA658CAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.3.30:*:*:*:*:*:*:*", "matchCriteriaId": "727B060B-7600-4AD4-B66E-1A559B6EDA2D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.335:*:*:*:*:*:*:*", "matchCriteriaId": "7E3FF2E4-F2EF-43E7-911A-7744C4206216", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.336:*:*:*:*:*:*:*", "matchCriteriaId": "09557B9C-3813-4466-995C-9FE3DC86B284", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.337:*:*:*:*:*:*:*", "matchCriteriaId": "215FE3BC-30AB-40DD-A9F9-13E8F1F25CC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.340:*:*:*:*:*:*:*", 
"matchCriteriaId": "85A8F9EA-7A8D-4BA9-9732-DE93388800A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.343:*:*:*:*:*:*:*", "matchCriteriaId": "4272E132-D632-4E88-BB68-BBA15FA68546", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.360:*:*:*:*:*:*:*", "matchCriteriaId": "080FCFDE-557E-4D35-8701-96AC28381ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin anterior a 1.500 y Usermin anterior a 1.430, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n a trav\u00e9s de vectores no especificados." 
} ], "id": "CVE-2009-4568", "lastModified": "2024-11-21T01:09:56.447", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2010-01-05T19:00:00.340", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37648" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37259" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3457" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37648" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:036" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/37259" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo XSS en Webmin versiones 1.941 y anteriores, afectando al Endpoint Cluster Shell Commands. Un usuario puede ingresar cualquier Carga \u00datil XSS en el campo Command y ejecutarlo. Luego, despu\u00e9s de volver a visitar al Men\u00fa de Cluster Shell Commands, la carga \u00fatil de tipo XSS ser\u00e1 renderizada y ejecutada" } ], "id": "CVE-2020-8820", "lastModified": "2024-11-21T05:39:30.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": 
"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T16:15:12.513", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "1AD41B8B-72C0-411F-83E7-A82E1642FA26", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "65A99166-28DF-4651-985F-922DBB06687E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EACC7-1464-4476-9AA1-50DD902A3489", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "CD343610-8BE2-4916-AF30-66B21330D84C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "0D54B4D9-5218-41F9-A701-F960199EE520", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "B352FF6B-989C-4540-B434-9452851F745C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "F83F9841-49C7-410A-891F-365BBA043D2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "711485C5-F16A-4481-AEE3-E2AF1BAA09DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "FD5B9395-DCEA-4615-825E-1C4B42F25E2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "0B7162DD-DFE1-478D-B87C-28C393E20941", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "A01D1150-FCDE-47F5-BFE6-F06A294D7B29", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2D673B88-A9D9-4D22-9531-7F06791BC551", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "538021A3-2A6E-446F-B14D-4DCC7A470E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": 
"BB1A2A26-1187-46BE-8EFC-F3C325679245", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6E70B0A6-31C9-4D78-B4B9-E75B45B6368C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*", 
"matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "957C7CA1-DD36-409C-B7E5-01B719B4695E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "30A57D7A-B989-4D82-B667-029A245AA6D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.96:*:*:*:*:*:*:*", "matchCriteriaId": 
"C664186B-DD40-490B-B2DE-4279B00102F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "88E1D6C5-20FE-4514-B618-312BB19E5F6C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B5017EA5-7188-4293-9FDF-5D23DCB40B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "FF6C5F07-330D-46C5-8A8B-8DF734F4640F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": 
"7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact." } ], "id": "CVE-2005-1177", "lastModified": "2024-11-20T23:56:47.107", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013723" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/uchanges.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://securitytracker.com/id?1013723" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/uchanges.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20607" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Source | URL | Tags | |
---|---|---|---|
cna@vuldb.com | https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811 | Patch | |
cna@vuldb.com | https://github.com/webmin/webmin/releases/tag/2.003 | Release Notes | |
cna@vuldb.com | https://vuldb.com/?ctiid.212862 | Third Party Advisory, VDB Entry | |
cna@vuldb.com | https://vuldb.com/?id.212862 | Permissions Required, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/releases/tag/2.003 | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?ctiid.212862 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://vuldb.com/?id.212862 | Permissions Required, Third Party Advisory, VDB Entry |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.001:*:*:*:*:*:*:*", "matchCriteriaId": "21C2886F-985F-41E4-9503-D775AFA80A40", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, was found in Webmin 2.001. Affected is an unknown function of the file xterm/index.cgi. The manipulation leads to basic cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.003 is able to address this issue. The patch is identified as d3d33af3c0c3fd3a889c84e287a038b7a457d811. It is recommended to upgrade the affected component. VDB-212862 is the identifier assigned to this vulnerability." }, { "lang": "es", "value": "Una vulnerabilidad fue encontrada en Webmin 2.001 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo xterm/index.cgi es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a Cross-Site Scripting (XSS). Es posible lanzar el ataque de forma remota. La actualizaci\u00f3n a la versi\u00f3n 2.003 puede solucionar este problema. El nombre del parche es d3d33af3c0c3fd3a889c84e287a038b7a457d811. Se recomienda actualizar el componente afectado. VDB-212862 es el identificador asignado a esta vulnerabilidad." 
} ], "id": "CVE-2022-3844", "lastModified": "2024-11-21T07:20:21.160", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-11-02T20:15:11.023", "references": [ { "source": "cna@vuldb.com", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "source": "cna@vuldb.com", "tags": [ "Release Notes" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" }, { "source": "cna@vuldb.com", "tags": [ "Third Party Advisory", "VDB Entry" ], 
"url": "https://vuldb.com/?ctiid.212862" }, { "source": "cna@vuldb.com", "tags": [ "Permissions Required", "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?id.212862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/d3d33af3c0c3fd3a889c84e287a038b7a457d811" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://github.com/webmin/webmin/releases/tag/2.003" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?ctiid.212862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required", "Third Party Advisory", "VDB Entry" ], "url": "https://vuldb.com/?id.212862" } ], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-80" } ], "source": "cna@vuldb.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the \"Search for Package\" field, which gets reflected back in the application\u0027s response, leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." } ], "id": "CVE-2023-38309", "lastModified": "2024-11-21T08:13:17.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.847", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38309" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when \"full PAM conversations\" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return)." } ], "id": "CVE-2005-3042", "lastModified": "2024-11-21T00:00:59.760", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-09-22T10:03:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "source": "cve@mitre.org", "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16858" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/17282" }, { "source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/17" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { 
"source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/19575" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14889" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.webmin.com/changes-1.230.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/uchanges-1.160.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://jvn.jp/jp/JVN%2340940493/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/16858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/17282" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/19575" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14889" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/1791" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.webmin.com/changes-1.230.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/uchanges-1.160.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:2.000:*:*:*:*:*:*:*", "matchCriteriaId": "ED13897E-B6FB-4976-9037-2136FDFE1A50", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:2.000:*:*:*:*:*:*:*", "matchCriteriaId": "32C6CF7F-1287-4AB2-B4C0-801AC1EC3CB5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la pesta\u00f1a de reenv\u00edo de correo y respuestas en Webmin y Usermin 2.000 permite a atacantes remotos inyectar scripts web o HTML de su elecci\u00f3n a trav\u00e9s del campo reenviar a mientras crean una regla de reenv\u00edo de correo." 
} ], "id": "CVE-2023-41155", "lastModified": "2024-11-21T08:20:41.027", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-13T22:15:08.747", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/shindeanik/Usermin-2.000/blob/main/CVE-2023-41155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32161 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32161 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versi\u00f3n 1.973 mediante la funci\u00f3n File Manager" } ], "id": "CVE-2021-32161", "lastModified": "2024-11-21T06:06:53.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.493", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32161" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-32161" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group\u0027s real name parameter." } ], "id": "CVE-2023-38303", "lastModified": "2024-11-21T08:13:16.927", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.487", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0662557D-EC4E-4850-BC78-AA3A5B67CAE8", "versionEndIncluding": "1.920", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states \"RPC can be used to run any command or modify any file on a server, which is why access to it must not be granted to un-trusted Webmin users.\"" }, { "lang": "es", "value": "rpc.cgi en Webmin hasta la versi\u00f3n 1.920 permite la ejecuci\u00f3n remota de c\u00f3digo autenticada a trav\u00e9s de un nombre de objeto dise\u00f1ado porque unserialise_variable realiza una llamada a eval. NOTA: la documentaci\u00f3n de Webmin_Servers_Index establece que \"RPC se puede usar para ejecutar cualquier comando o modificar cualquier archivo en un servidor, por lo que no se debe otorgar acceso a los usuarios de Webmin que no son de confianza\"." 
} ], "id": "CVE-2019-15642", "lastModified": "2024-11-21T04:29:11.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-08-26T18:15:12.983", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://doxfer.webmin.com/Webmin/Webmin_Servers_Index" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" 
], "url": "https://github.com/webmin/webmin/blob/ab5e00e41ea1ecc1e24b8f8693f3495a0abb1aed/rpc.cgi#L26-L37" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/df8a43fb4bdc9c858874f72773bcba597ae9432c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://www.calypt.com/blog/index.php/authenticated-rce-on-webmin/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "E7E66E77-42F1-435A-A63C-00C63E08F2AF", "versionEndIncluding": "1.991", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter." }, { "lang": "es", "value": "Webmin versiones hasta 1.991, cuando es usado el tema Authentic, permite una ejecuci\u00f3n de c\u00f3digo remota cuando un usuario ha sido creado manualmente (es decir, no ha sido creado en Virtualmin o Cloudmin). Esto ocurre porque settings-editor_write.cgi no restringe apropiadamente el par\u00e1metro de archivo" } ], "id": "CVE-2022-30708", "lastModified": "2024-11-21T07:03:13.387", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, 
"impactScore": 5.9, "source": "cve@mitre.org", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-05-15T03:15:07.060", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/releases" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.twitch.tv/videos/1483029790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/esp0xdeadbeef/rce_webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/esp0xdeadbeef/rce_webmin/blob/main/exploit.py" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/authentic-theme/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/6a2334bf8b27d55c7edf0b2825cd14f3f8a69d4d" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/issues/1635" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/releases" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.twitch.tv/videos/1483029790" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 | |
mandrakesoft | mandrake_linux | 9.2 | |
mandrakesoft | mandrake_linux | 9.2 | |
mandrakesoft | mandrake_linux | 10.0 | |
mandrakesoft | mandrake_linux | 10.0 | |
mandrakesoft | mandrake_linux_corporate_server | 2.1 | |
mandrakesoft | mandrake_linux_corporate_server | 2.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": 
"6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*", "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*", "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*", 
"matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3", "vulnerable": true }, { "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*", "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory." }, { "lang": "es", "value": "El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elecci\u00f3n durante la instalaci\u00f3n mediante un ataque de enlaces simb\u00f3licos en el directorio /tmp/.usermin" } ], "id": "CVE-2004-0559", "lastModified": "2024-11-20T23:48:51.420", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-10-20T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11153" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/uchanges-1.089.html" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://secunia.com/advisories/12488/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/11153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/uchanges-1.089.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17299" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim\u0027s browser when any file is searched/replaced." }, { "lang": "es", "value": "Se descubri\u00f3 un problema en Webmin 2.100. La funcionalidad del Administrador de Archivos permite a un atacante explotar una vulnerabilidad de Cross-Site Scripting (XSS). Al proporcionar un payload malicioso, un atacante puede inyectar c\u00f3digo arbitrario, que luego se ejecuta dentro del contexto del navegador de la v\u00edctima cuando se busca o reemplaza cualquier archivo." 
} ], "id": "CVE-2023-40985", "lastModified": "2024-11-21T08:20:22.323", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T01:15:07.787", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40985" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.webmin.com/index.html | Product | |
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html | Exploit, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.webmin.com/index.html | Product |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.890:*:*:*:*:*:*:*", "matchCriteriaId": "EF2C06D5-4D9A-47A2-8540-0FBE5503770A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter." }, { "lang": "es", "value": "Webmin 1.890 tiene Cross-Site Scripting (XSS) mediante /config.cgi?webmin, el par\u00e1metro history en /shell/index.cgi, /shell/index.cgi?stripped=1 o los par\u00e1metros uall o mall en /webminlog/search.cgi." } ], "id": "CVE-2018-19191", "lastModified": "2024-11-21T03:57:30.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-03-21T16:00:30.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://www.webmin.com/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/151144/Webmin-1.890-Cross-Site-Scripting.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://www.webmin.com/index.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter." }, { "lang": "es", "value": "Una vulnerabilidad cross-site scripting (XSS) almacenadas en Webmin v2.100 permite a los atacantes ejecutar scripts web o HTML arbitrarias a trav\u00e9s de payload elaborado inyectado en el m\u00f3dulo clonado en el par\u00e1metro nombre." } ], "id": "CVE-2023-40982", "lastModified": "2024-11-21T08:20:21.847", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T03:15:09.047", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40982" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { 
"lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C32C953-4C70-476D-B943-D8634A5B6703", "versionEndIncluding": "1.360", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL." }, { "lang": "es", "value": "Vulnerabilidad no especificada en Webmin versiones anteriores a 1.370 en Windows permite a usuarios remotos autenticados ejecutar comandos de su elecci\u00f3n mediante un URL manipulado." } ], "id": "CVE-2007-5066", "lastModified": "2024-11-21T00:37:03.620", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2007-09-24T23:17:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/40772" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26885" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25773" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018731" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/40772" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/26885" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/25773" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1018731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2007/3243" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36759" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "74E28AB1-D60A-4CFC-9133-552B7AA12D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:usermin:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "06EBBDAA-05C2-4CFD-AC36-A24E5A768B09", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and Usermin 1.300 and 1.320 allows remote attackers to inject arbitrary web script or HTML via the search parameter to webmin_search.cgi (aka the search section), and possibly other components accessed through a \"search box\" or \"open file box.\" NOTE: some of these details are obtained from third party information." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.370 y 1.390 y Usermin 1.300 y 1.320. Permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro de b\u00fasqueda a webmin_search.cgi (tambi\u00e9n conocido como la secci\u00f3n de b\u00fasqueda) y posiblemente otros componentes accedidos a trav\u00e9s de una \"caja de b\u00fasqueda\" o \"caja de archivo abierto\". NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros." 
} ], "id": "CVE-2008-0720", "lastModified": "2024-11-21T00:42:45.267", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-02-12T02:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://forum.aria-security.net/showthread.php?t=511" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28827" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/27662" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/0450" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forum.aria-security.net/showthread.php?t=511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/28827" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487656/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/487678/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/27662" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/0450" } ], 
"sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "84CBDEDB-2FA2-47C2-BC5C-8AAFBC2ECAB7", "versionEndIncluding": "1.840", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. NOTE: these issues were not fixed in 1.840." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site-scripting (XSS) en Webmin anterior a la versi\u00f3n 1.850, permiten a los atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro sec en el archivo view_man.cgi, el par\u00e1metro referers en el archivo change_referers.cgi, o el par\u00e1metro name en el archivo save_user.cgi. NOTA: estos problemas no fueron corregidos en la versi\u00f3n 1.840." 
} ], "id": "CVE-2017-9313", "lastModified": "2024-11-21T03:35:48.980", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-07-04T02:29:00.283", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99373" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038814" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://seclists.org/bugtraq/2017/Jul/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/99373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1038814" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a330e913ee099cb9c586ce1b9267647fc566c1ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/c2d4a90639afb2403979aa91ba75cb332ae16d1b" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN49974594/index.html | Vendor Advisory | |
vultures@jpcert.or.jp | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN49974594/index.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA", "versionEndIncluding": "1.680", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.600:*:*:*:*:*:*:*", "matchCriteriaId": "FDDBEEF5-0D51-4585-9AFF-E317E1E81C4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.610:*:*:*:*:*:*:*", "matchCriteriaId": "79D5E434-C5D0-476C-991C-E82355AE32B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.620:*:*:*:*:*:*:*", "matchCriteriaId": "523DF9D1-7E6D-458E-93AD-906AAE97E1CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.630:*:*:*:*:*:*:*", "matchCriteriaId": "76BD5561-78F2-416F-BDE1-365D887FC061", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.640:*:*:*:*:*:*:*", "matchCriteriaId": "E5D20433-B154-4CD2-BF7E-2B0F6E93E81C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.650:*:*:*:*:*:*:*", "matchCriteriaId": "2403CB58-22C6-4B71-B007-4F2B8D942C5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.660:*:*:*:*:*:*:*", "matchCriteriaId": "6321F048-D25F-4E4C-9994-7FA0D619418D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.670:*:*:*:*:*:*:*", "matchCriteriaId": "AE07D5AE-0277-493F-8362-C09285A024E6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924." }, { "lang": "es", "value": "Vulnerabilidad de XSS en Webmin anterior a 1.690 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados. NOTA: esto podr\u00eda solaparse con CVE-2014-3924." 
} ], "id": "CVE-2014-3885", "lastModified": "2024-11-21T02:09:03.663", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-07-20T11:12:50.480", "references": [ { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" }, { "source": "vultures@jpcert.or.jp", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvn.jp/en/jp/JVN49974594/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000059" } ], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "26FF850C-FCA7-48C3-9C10-A33F79EC9B3D", "versionEndIncluding": "1.720", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file." }, { "lang": "es", "value": "El m\u00f3dulo Read Mail en Webmin 1.720 permite a usuarios locales leer ficheros arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico sobre un fichero no especificado." } ], "id": "CVE-2015-1377", "lastModified": "2024-11-21T02:25:17.943", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-02-10T20:59:03.217", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/62157" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"http://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed." } ], "id": "CVE-2023-38310", "lastModified": "2024-11-21T08:13:17.997", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.907", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38310" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": 
"en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32157 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32157 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versi\u00f3n 1.973, por medio de la funcionalidad Scheduled Cron Jobs" } ], "id": "CVE-2021-32157", "lastModified": "2024-11-21T06:06:52.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.290", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party 
Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32157" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code." } ], "id": "CVE-2023-38306", "lastModified": "2024-11-21T08:13:17.380", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.663", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38306" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": 
[ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://webmin.com | Product | |
cve@mitre.org | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://webmin.com | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.100:*:*:*:*:*:*:*", "matchCriteriaId": "C1B4BC89-37BB-4538-887D-DE2B0930BDED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file." }, { "lang": "es", "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) reflejada en la funci\u00f3n Administrador de Archivos de Webmin v2.100 permite a los atacantes ejecutar un script malicioso mediante la inyecci\u00f3n de un payload manipulado en el fichero Reemplazar en Resultados." } ], "id": "CVE-2023-40984", "lastModified": "2024-11-21T08:20:22.170", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-15T01:15:07.653", "references": [ { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "http://webmin.com" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Vi39/Webmin-2.100/blob/main/CVE-2023-40984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack." } ], "id": "CVE-2001-0222", "lastModified": "2024-11-20T23:34:52.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 1.2, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-03-26T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6011" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "7A6202E4-6FD5-4056-A956-30B585DC5FE1", "versionEndIncluding": "2.002", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload." }, { "lang": "es", "value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Webmin 2.002 y versiones anteriores a trav\u00e9s del campo Cluster Cron Job tab Input, que permite a los atacantes ejecutar scripts maliciosos inyectando un payload manipulado." } ], "id": "CVE-2023-43309", "lastModified": "2024-11-21T08:23:58.503", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-09-21T14:15:10.750", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/TishaManandhar/Webmin_xss_POC/blob/main/XSS" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD730C30-2C81-45E2-9270-4E2EEB6635B1", "versionEndExcluding": "1.997", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command." }, { "lang": "es", "value": "El archivo software/apt-lib.pl en Webmin versiones anteriores a 1.997, carece de escape HTML para un comando de la Interfaz de Usuario" } ], "id": "CVE-2022-36446", "lastModified": "2024-11-21T07:13:01.783", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-25T06:15:07.900", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Third Party Advisory" ], "url": 
"https://github.com/webmin/webmin/compare/1.996...1.997" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/50998" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/167894/Webmin-1.996-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/168049/Webmin-Package-Updates-Command-Injection.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://gist.github.com/emirpolatt/cf19d6c0128fa3e25ebb47e09243919b" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/13f7bf9621a82d93f1e9dbd838d1e22020221bde" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/compare/1.996...1.997" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/50998" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-116" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:userwin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F24BAA2-855C-47B7-8660-94320F4F9351", "versionEndIncluding": "1.590", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7098876-1831-4013-AFDC-4B87AEBECEDA", "versionEndIncluding": "1.680", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Webmin anterior a 1.690 y Usermin anterior a 1.600 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores relacionados con ventanas emergentes." } ], "id": "CVE-2014-3924", "lastModified": "2024-11-21T02:09:08.400", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2014-05-30T14:55:09.910", "references": [ { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58917" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/58919" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67647" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/67649" }, { "source": 
"cve@mitre.org", "url": "http://www.securitytracker.com/id/1030296" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1030297" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58917" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/58919" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67647" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/67649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1030297" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/uchanges.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.840:*:*:*:*:*:*:*", "matchCriteriaId": "8C90E884-CC69-40BD-928D-22CB3912CE1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.880:*:*:*:*:*:*:*", "matchCriteriaId": "582E63F5-FB43-41C0-9022-FBBEAE5BAA63", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of \"Can view any file as a log file\" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the \u0027/etc/shadow\u0027 file via a \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\" request." }, { "lang": "es", "value": "Se ha descubierto un problema en Webmin 1.840 y 1.880 cuando est\u00e1 habilitada la opci\u00f3n por defecto Yes de \"Can view any file as a log file\". Como resultado de las opciones de configuraci\u00f3n por defecto d\u00e9biles, los usuarios limitados tienen acceso total a los archivos del sistema Unix subyacentes. Esto permite que el usuario lea datos sensibles del sistema local (empleando Local File Include) tales como el archivo \"/etc/shadow\" mediante una petici\u00f3n \"GET /syslog/save_log.cgi?view=1\u0026file=/etc/shadow\"." 
} ], "id": "CVE-2018-8712", "lastModified": "2024-11-21T04:14:11.150", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-03-14T19:29:00.830", "references": [ { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://www.7elements.co.uk/resources/technical-advisories/webmin-1-840-1-880-unrestricted-access-arbitrary-files-using-local-file-include/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-22" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands." } ], "id": "CVE-2001-1530", "lastModified": "2024-11-20T23:37:54.390", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securiteam.com/unixfocus/6R00M0K2UC.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.070 | |
webmin | webmin | 1.1.40 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 | |
debian | debian_linux | 3.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*", "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "matchCriteriaId": 
"24DD9D59-E2A2-4116-A887-39E8CC2004FC", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords." }, { "lang": "es", "value": "La funcionalidad lockout en (1) Webmin 1.140 y (2) Usermin 1.070 no procesa ciertas cadenas de caracteres, lo que permite a atacantes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contrase\u00f1as." } ], "id": "CVE-2004-0583", "lastModified": "2024-11-20T23:48:54.647", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2004-08-06T04:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "source": "cve@mitre.org", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" }, { 
"source": "cve@mitre.org", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10523" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=108737059313829\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2004/dsa-526" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200406-15.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/75_e.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10474" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/10523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.150.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16334" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "cisaActionDue": "2022-04-15", "cisaExploitAdd": "2022-03-25", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Webmin Command Injection Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "0662557D-EC4E-4850-BC78-AA3A5B67CAE8", "versionEndIncluding": "1.920", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin \u003c=1.920. The parameter old in password_change.cgi contains a command injection vulnerability." }, { "lang": "es", "value": "Se ha detectado un problema en Webmin menor o igual a la versi\u00f3n 1.920. El par\u00e1metro old en password_change.cgi contiene una vulnerabilidad de inyecci\u00f3n de comandos." } ], "id": "CVE-2019-15107", "lastModified": "2024-11-21T04:28:03.817", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" 
} ] }, "published": "2019-08-16T03:15:11.387", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/47230" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-1.920-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154141/Webmin-Remote-Comman-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": 
"http://packetstormsecurity.com/files/154197/Webmin-1.920-password_change.cgi-Backdoor.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154485/Webmin-1.920-Remote-Code-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "http://www.pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://attackerkb.com/topics/hxx3zmiCkR/webmin-password-change-cgi-command-injection" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/47230" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://cispa.de/en/loop-dos | Technical Description | |
cve@mitre.org | https://webmin.com | Product | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2024/09/04/1 | Mailing List |
Vendor | Product | Version | |
---|---|---|---|
virtualmin | virtualmin | * | |
webmin | webmin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:virtualmin:virtualmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "A24DE54E-A013-48BE-BCEE-2BA5B787935F", "versionEndExcluding": "7.20.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "514CA70F-98FB-4640-A7CD-EFB0EF9D9C7A", "versionEndExcluding": "2.202", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000." }, { "lang": "es", "value": "Webmin anterior a 2.202 y Virtualmin anterior a 7.20.2 permiten un bucle de tr\u00e1fico de red a trav\u00e9s de paquetes UDP falsificados en el puerto 10000." } ], "id": "CVE-2024-45692", "lastModified": "2024-09-05T21:35:14.337", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2024-09-04T23:15:12.887", "references": [ { "source": "cve@mitre.org", "tags": [ "Technical Description" ], "url": 
"https://cispa.de/en/loop-dos" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://webmin.com" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "https://www.openwall.com/lists/oss-security/2024/09/04/1" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-835" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "99196F59-548C-40FD-9EA7-6200901120E6", "versionEndIncluding": "1.540", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.75:*:*:*:*:*:*:*", "matchCriteriaId": "180192C4-DDF9-4278-A213-24A91137D4FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.76:*:*:*:*:*:*:*", "matchCriteriaId": "F05CF0BA-0606-42E5-A631-D302FF1D59F0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.77:*:*:*:*:*:*:*", "matchCriteriaId": "6A79B7B3-708A-42E4-B4EF-7746F6292DB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.78:*:*:*:*:*:*:*", "matchCriteriaId": "E2F06BC0-0418-4A1C-BD4A-B7429A6CEA39", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.79:*:*:*:*:*:*:*", "matchCriteriaId": "1817FDA9-31F4-4D4A-A867-386D2F1CDB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "192B0ED0-5967-4169-A644-1DAB8D4BF981", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "E2B5EE2D-9105-4BD5-B298-34DFB332A728", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "E9A3F522-6E6D-446C-8694-7AE91F19F1C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "B9B426CD-5105-4EDE-8ED5-991C6B712DF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.87:*:*:*:*:*:*:*", "matchCriteriaId": 
"FE21BBCF-6F4B-4EEA-B80B-2AE46B6FB2ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.88:*:*:*:*:*:*:*", "matchCriteriaId": "DBB86BC7-4A99-4C5B-9460-CDDA7C4E4041", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "C1F2D028-F2F9-4CE0-A24B-7DB44D488D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "82EE7A9B-5688-4933-95B9-476873D44A65", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.950:*:*:*:*:*:*:*", "matchCriteriaId": "08068E84-9EE5-4742-B70A-567CD4199604", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.960:*:*:*:*:*:*:*", "matchCriteriaId": "5C6D5F6A-B34F-4134-959F-C31FC84EBCF9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.970:*:*:*:*:*:*:*", "matchCriteriaId": "DB4FEC51-DD03-418D-8E55-CEE696BE2D74", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.980:*:*:*:*:*:*:*", "matchCriteriaId": "4B9F8F43-F9EC-4BC0-BDF6-EC3EDF5A71F4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.990:*:*:*:*:*:*:*", "matchCriteriaId": "DB6865E9-F244-4019-AA4C-3DB1655A6AA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "17054066-DE7F-4BE7-A2DA-9426DE6B7D3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "8C04909C-17D9-46FF-BCCF-45F2531A1B6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "4B12A859-CFE1-46B7-B607-AF5BB6F5A081", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": 
"860599C2-ED30-454A-8ABA-D62F6019D1E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "92F68614-84A3-4CB8-9481-9D3D089FF3E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.050:*:*:*:*:*:*:*", "matchCriteriaId": "E1539E34-B384-4882-953E-896971C1E8AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "784B61DA-2890-4B4C-9D07-258A2C183132", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "8E91A2F5-2C56-4D5E-BBC7-F48BF458C264", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "6CE691D3-3A39-4B95-BD15-562D8A80BAE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "DE8E9AF8-6660-45F7-BF4A-B9C71CED7A68", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "84063206-CEF4-4829-A74A-55C767923D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "D885CB6A-06E9-416C-93D2-9C5A9931CF56", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.121:*:*:*:*:*:*:*", "matchCriteriaId": "97FE2F9D-C573-44BB-A542-8512FD27D130", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.130:*:*:*:*:*:*:*", "matchCriteriaId": "8209350C-BD76-43E2-9E81-CECD03A214B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "86FB60E8-8A87-4838-8144-1FCFB8C382FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "A98A70E1-A1BD-45A6-A409-97B7FAA07E5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "09CB193D-3D6B-4680-8490-6FAA714C45A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": 
"471E5FDB-0C34-4D3A-BACC-1EADE1ADCE83", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "F97EC65B-0E6A-4F25-B7DC-1C1297173684", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.190:*:*:*:*:*:*:*", "matchCriteriaId": "4390E10A-027E-423E-ABE3-86099074B4AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "B44FF660-7348-4F60-BE4D-1815C095C88A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "7350164E-520E-4BA0-8C51-19EE7D1E5FA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "7B2E5B42-C492-4F59-B250-C40095CF2582", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "D4155856-F5A3-4125-952E-82E93DDDE088", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "EB0BE82F-EC96-428E-871B-1332045EE9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "B80E81F6-2A96-4014-8045-FC0C1B4CEB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "D38FB71E-4663-48EC-8164-105AF85AEB51", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "A95386F4-123A-407A-A735-F12FD9711BEC", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.280:*:*:*:*:*:*:*", "matchCriteriaId": "030A8C8C-D60D-467D-80CE-B2B00572F05F", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "1CE7F5BF-2B5D-44B4-8865-90E58771239C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "41462964-E5BA-4182-ABF4-54ECD5D97DAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": 
"85AAE04F-4530-454A-AC2C-2581197EAD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "2F2634CD-846C-4343-B50F-21AD7380212B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "60489FB9-5D98-4611-8FBE-7F6A901BBFA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "85A8F9EA-7A8D-4BA9-9732-DE93388800A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.350:*:*:*:*:*:*:*", "matchCriteriaId": "4D4C622D-6ED7-4F11-A43B-FE00B088CEAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.360:*:*:*:*:*:*:*", "matchCriteriaId": "080FCFDE-557E-4D35-8701-96AC28381ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "E948F223-D365-4D5B-9C2B-FB064F8DC00B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "DF07B559-9FEE-40FF-AA85-0018998F7E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "2B767E9C-D321-4972-BF7A-B5E62956D6CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F97A0281-1C70-4476-9441-400C83AB39E6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "46563F83-035B-49AF-94B4-909CE53945D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "75736565-8B44-48C2-92AE-AF4B19A5C18D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "0A50E69D-EE5A-4DC7-A884-F6B10E677E4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.440:*:*:*:*:*:*:*", "matchCriteriaId": "19FCDACE-0BB2-4891-94BE-5E8F1BB72386", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.441:*:*:*:*:*:*:*", "matchCriteriaId": 
"4462604D-A3FE-4DA4-A401-59AA433686A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "6EE2A989-3136-4B0F-AA9C-4C002532FCB3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.460:*:*:*:*:*:*:*", "matchCriteriaId": "FF407748-7342-487E-86B9-038361C09B45", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "C4F2FAD3-E922-4E17-95EC-E6D2F1BC9778", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "B0D66B84-678C-4568-8543-319A9C4D4116", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.490:*:*:*:*:*:*:*", "matchCriteriaId": "0C548C2A-18F0-43F0-A98B-B730E33B0A87", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "8CD4CB9A-2C24-4548-8204-D936927F8362", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "1582111F-8C80-41C9-84D5-8C2BAD1511C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "97A98749-3256-4027-8AF0-F9756AA96CA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "5A7B281C-00C6-405A-AC41-0C29E29AB412", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl." }, { "lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Webmin 1.540 y versiones anteriores permite a usuarios remotos inyectar codigo de script web o c\u00f3digo HTML de su elecci\u00f3n a trav\u00e9s de un comando chfn que modifica el campo real (Full Name). 
Relacionado con useradmin/index.cgi y useradmin/user-lib.pl." } ], "id": "CVE-2011-1937", "lastModified": "2024-11-21T01:27:20.797", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-31T20:55:05.173", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "source": "secalert@redhat.com", "url": "http://securityreason.com/securityalert/8264" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025438" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/47558" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": 
"http://javierb.com.ar/2011/04/24/xss-webmin-1-540/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2011/05/22/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://openwall.com/lists/oss-security/2011/05/24/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8264" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/archive/1/517658" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47558" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.youtube.com/watch?v=CUO7JLIGUf0" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/46e3d3ad195dcdc1af1795c96b6e0dc778fb6881" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
usermin | usermin | 1.000 | |
usermin | usermin | 1.010 | |
usermin | usermin | 1.020 | |
usermin | usermin | 1.030 | |
usermin | usermin | 1.040 | |
usermin | usermin | 1.051 | |
usermin | usermin | 1.060 | |
usermin | usermin | 1.070 | |
usermin | usermin | 1.080 | |
usermin | usermin | 1.090 | |
usermin | usermin | 1.100 | |
usermin | usermin | 1.110 | |
usermin | usermin | 1.120 | |
usermin | usermin | 1.130 | |
usermin | usermin | 1.140 | |
usermin | usermin | 1.150 | |
usermin | usermin | 1.210 | |
usermin | usermin | 1.220 | |
usermin | usermin | 1.230 | |
usermin | usermin | 1.240 | |
usermin | usermin | 1.250 | |
webmin | webmin | 1.0.00 | |
webmin | webmin | 1.0.10 | |
webmin | webmin | 1.0.20 | |
webmin | webmin | 1.0.30 | |
webmin | webmin | 1.0.40 | |
webmin | webmin | 1.0.50 | |
webmin | webmin | 1.0.51 | |
webmin | webmin | 1.0.60 | |
webmin | webmin | 1.0.70 | |
webmin | webmin | 1.0.80 | |
webmin | webmin | 1.0.90 | |
webmin | webmin | 1.1.00 | |
webmin | webmin | 1.1.10 | |
webmin | webmin | 1.1.20 | |
webmin | webmin | 1.1.21 | |
webmin | webmin | 1.1.30 | |
webmin | webmin | 1.1.40 | |
webmin | webmin | 1.1.50 | |
webmin | webmin | 1.2.20 | |
webmin | webmin | 1.2.30 | |
webmin | webmin | 1.2.40 | |
webmin | webmin | 1.2.50 | |
webmin | webmin | 1.3.20 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "matchCriteriaId": "C70274C3-7CA0-49A2-B63C-7DAF492CCD0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "matchCriteriaId": "A7C4A319-0EA6-47E0-831A-27530DCF714E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "matchCriteriaId": "D1009D90-9851-441B-A2E2-FA5B676E8182", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "matchCriteriaId": "934A3D3F-CF10-478C-9206-DB468BCA4702", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "matchCriteriaId": "77B42570-F094-4C25-B246-6439D3FF4B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "matchCriteriaId": "69A30BB5-2C3F-4C39-8CDC-CC0CC280384C", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "matchCriteriaId": "753BF8DE-D225-4301-A6A6-50CD60B34234", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "matchCriteriaId": "FC37A972-11D7-4C85-A8DC-5EDE808629F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "matchCriteriaId": "EA7131C0-4FE1-4D69-9B21-8A9BFADE2A2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.090:*:*:*:*:*:*:*", "matchCriteriaId": "6499BF74-CA64-4192-A45F-0D8B30C1FF37", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.100:*:*:*:*:*:*:*", "matchCriteriaId": "C0E9BC53-C2EC-43B8-9B5D-40675CF4C335", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.110:*:*:*:*:*:*:*", "matchCriteriaId": "4702AEBE-E774-4015-974C-761901D50697", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.120:*:*:*:*:*:*:*", "matchCriteriaId": "9AC9875A-3D23-4E4B-9A18-F8F86A62E5DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.130:*:*:*:*:*:*:*", 
"matchCriteriaId": "8AED1941-33C5-4C29-BC85-F43B0BE3920B", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "D05ED34F-0D69-4A4F-B59B-15437E991075", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "B443FCF7-5949-4084-BA55-74F45A8ADB66", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "D42C312D-82DE-48A5-9FDE-00D547A57416", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "278FE0A3-D3F2-4C36-BD87-CE3E349B6D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "5083E992-E844-4101-ADE2-123FAA1E35BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "0B322237-AA34-4D87-ADB4-7AF4EB01E71E", "vulnerable": true }, { "criteria": "cpe:2.3:a:usermin:usermin:1.250:*:*:*:*:*:*:*", "matchCriteriaId": "4F399AAA-68FC-41AF-B701-219D1D5373CE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "matchCriteriaId": "2B4A574A-5B2A-4769-B932-E1736564160A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C644D728-1DD4-48E0-9E42-35E836006F41", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9425C1F-5E6A-489A-9A8B-9156E79FEAA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "8B8347DA-13F8-40E9-B9EA-2703C049AFA8", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "BD9C3443-526E-4D68-9C7E-F3432BECE6C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "C968FBE9-191A-40B1-9A69-BF24511E40B3", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:webmin:webmin:1.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "FC77E1B6-E368-4ECD-8459-69C718CE5409", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "matchCriteriaId": "D89047FD-39F0-4614-B1EC-D13BAF57405E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "matchCriteriaId": "6CDF2120-F341-4C2E-88C1-A6C76626BFF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "matchCriteriaId": "01DFC15C-3513-4E94-B46D-94FEA0D627FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "matchCriteriaId": "F4E068D3-F6B5-4102-B9FA-949E2FAA33D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "matchCriteriaId": "7E6BD551-EC6A-4C77-B9E7-B9CF3DC21021", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "01B0FE2D-02BC-4081-B172-64A74389C5F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "43433ECE-8225-43EE-9F5E-FBB170B60CFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "1615ACA2-32CC-48B7-AB5A-0BB0FDA7F190", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "matchCriteriaId": "F5ABAE43-0EEF-44D5-AB36-44DA54290122", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "matchCriteriaId": "AD33CE40-DFC9-4BDC-BF4F-9E0B268B8503", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "matchCriteriaId": "8608F5A2-B6FA-43C6-9862-43DBAF01EB1C", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "E815171B-B054-450F-A9B3-2D522161DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "CD941A62-A41E-41CB-80C0-8B780AC39FB1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:webmin:webmin:1.2.40:*:*:*:*:*:*:*", "matchCriteriaId": "786287DD-2565-4931-BBA0-2CACD7671352", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.2.50:*:*:*:*:*:*:*", "matchCriteriaId": "4784DC04-D2C5-46C6-831F-23D69B4B0513", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.3.20:*:*:*:*:*:*:*", "matchCriteriaId": "4C02919F-4201-4D1E-8395-04C6A7193077", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de tipo cross-site scripting (XSS) en el archivo chooser.cgi en Webmin versiones anteriores a 1.330 y Usermin versiones anteriores a 1.260, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un nombre de archivo dise\u00f1ado." 
} ], "id": "CVE-2007-1276", "lastModified": "2024-11-21T00:27:56.040", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2007-03-05T20:19:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://osvdb.org/33832" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24321" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1017711" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes-1.330.html" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/security.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/33832" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/24321" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1017711" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2007/0780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes-1.330.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32725" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:usermin:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AEB62A-F2B3-442F-8FE7-B649173A0236", "versionEndIncluding": "1.850", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:1.995:*:*:*:*:*:*:*", "matchCriteriaId": "720EE395-A946-4F86-892D-EFB3D3A4A0AB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message." }, { "lang": "es", "value": "El m\u00f3dulo Read Mail de Webmin 1.995 y Usermin hasta 1.850 permite un ataque de tipo XSS por medio de un mensaje de correo electr\u00f3nico HTML dise\u00f1ado" } ], "id": "CVE-2022-36880", "lastModified": "2024-11-21T07:13:58.237", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-07-27T04:15:10.837", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim\u0027s browser." } ], "id": "CVE-2023-38308", "lastModified": "2024-11-21T08:13:17.693", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.787", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en",
"value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo XSS en Webmin versiones 1.941 y anteriores, afectando a la funci\u00f3n Save del Endpoint Read User Email Module / mailboxes cuando se intenta guardar correos electr\u00f3nicos HTML. Este m\u00f3dulo analiza cualquier salida sin sanear los elementos SCRIPT, a diferencia de la funci\u00f3n View, que sanea la entrada correctamente. Un usuario malicioso puede enviar cualquier carga \u00fatil de JavaScript al cuerpo del mensaje y ejecutarlo si el usuario decide guardar ese correo electr\u00f3nico" } ], "id": "CVE-2020-12670", "lastModified": "2024-11-21T05:00:02.340", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ {
"cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T16:15:12.437", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "30E3CF12-D0B7-4C7F-96C8-36A3FAFA8EDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "C808C470-F0A1-4338-A988-3968EABE78E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C16685C0-94E9-4AE6-8221-1D32112808F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "EDACA626-1687-4192-A2E8-C74823B715A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.21:*:*:*:*:*:*:*", "matchCriteriaId": "84B5A02C-96AB-46FD-A958-86AC0DFD1F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.22:*:*:*:*:*:*:*", "matchCriteriaId": "BB1B8073-C512-4ACA-8E3F-92D46D63FBCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.31:*:*:*:*:*:*:*", "matchCriteriaId": "B368FAD0-39A7-4115-9327-1D32BECF2F7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.41:*:*:*:*:*:*:*", "matchCriteriaId": "2B3D7B7A-0426-4176-A759-E96024DC492D", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.42:*:*:*:*:*:*:*", "matchCriteriaId": "1E3EFDEE-A99B-4D0E-B6A7-E7C285A5DFBC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking." 
} ], "id": "CVE-1999-1074", "lastModified": "2024-11-20T23:30:13.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "1999-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/98" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/webmin/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/9138" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/98" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.webmin.com/webmin/changes.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDB6D9F-DA56-4C11-83F8-179943001437", "versionEndIncluding": "1.910", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Webmin through 1.910, any user authorized to the \"Package Updates\" module can execute arbitrary commands with root privileges via the data parameter to update.cgi." }, { "lang": "es", "value": "En Webmin hasta la versi\u00f3n 1.910, cualquier usuario autorizado al m\u00f3dulo \u201cPackage Updates\u201d puede ejecutar un comando arbitrario con privilegios root a trav\u00e9s de el par\u00e1metro data para update.cgi." } ], "id": "CVE-2019-12840", "lastModified": "2024-11-21T04:23:41.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-15T20:29:00.287", "references": [ { "source": "cve@mitre.org", "url": 
"http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/108790" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46984" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/153372/Webmin-1.910-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/108790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://pentest.com.tr/exploits/Webmin-1910-Package-Updates-Remote-Command-Execution.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "https://www.exploit-db.com/exploits/46984" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-78" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0B0813F3-1886-481E-8822-4BD199C4934F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a \u0027..\u0027 (dot dot) in the argument." }, { "lang": "es", "value": "Una vulnerabilidad de atravesamiento de directorios en edit_action.cgi de Webmin Directory 0.91 permite a atacantes remotos, la obtenci\u00f3n de privilegios mediante el uso de \u0027..\u0027 (punto punto) en el argumento." } ], "id": "CVE-2001-1196", "lastModified": "2024-11-20T23:37:07.280", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-12-17T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3698" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://marc.info/?l=webmin-l\u0026m=100865390306103\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.iss.net/security_center/static/7711.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.securityfocus.com/archive/1/245980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/3698" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6D25A7CA-ED9D-4562-8965-D4906D1BE5FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.92.1:*:*:*:*:*:*:*", "matchCriteriaId": "C5C38C77-246F-41A9-A3D5-99C2DDA1DAE1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 0.92, when installed from an RPM, creates /var/webmin with insecure permissions (world readable), which could allow local users to read the root user\u0027s cookie-based authentication credentials and possibly hijack the root user\u0027s session using the credentials." } ], "id": "CVE-2002-1672", "lastModified": "2024-11-20T23:41:51.233", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2002-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/4328" }, { "source": "cve@mitre.org", "url": "http://www.webmin.com/changes.html" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://online.securityfocus.com/archive/1/263181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": 
"http://www.securityfocus.com/bid/4328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.webmin.com/changes.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8595" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32158 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32158 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin 1.973 por medio de la funcionalidad Upload and Download" } ], "id": "CVE-2021-32158", "lastModified": "2024-11-21T06:06:53.000", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.340", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32158" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-32158" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://www.webmin.com/security.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.webmin.com/security.html | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FD4323-6E4B-4F7A-AB7B-D4F1A7635685", "versionEndIncluding": "1.941", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de Comprobaci\u00f3n de Datos Inapropiada en Webmin versiones 1.941 y anteriores, afectando al Endpoint Command Shell. Un usuario puede ingresar c\u00f3digo HTML en el campo Command y enviarlo. Luego, despu\u00e9s de visitar el Men\u00fa Action Logs y mostrar los registros, el c\u00f3digo HTML ser\u00e1 renderizado (sin embargo, JavaScript no es ejecutado). Los cambios se guardan entre los usuarios" } ], "id": "CVE-2020-8821", "lastModified": "2024-11-21T05:39:30.393", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact":
"LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-10-12T16:15:12.590", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.webmin.com/security.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "A9641C23-B30A-4CB2-A348-BD708F68F90A", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "0852A462-22ED-422D-A454-0A6E026D9AD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "97FEF73D-767D-4BF2-AA12-67268719A404", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "23522A64-FD03-4C5B-9A8A-5E7CDDC65CEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "DFD94AA9-CABA-4FC8-8367-D5D9D8B4F623", "vulnerable": true }, { "criteria": "cpe:2.3:a:webmin:webmin:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "35B136CA-47BF-46DE-885A-9E74EBDE5306", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges." 
} ], "id": "CVE-2001-1074", "lastModified": "2024-11-20T23:36:48.727", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2001-05-28T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "http://www.securityfocus.com/bid/2795" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": 
"http://www.securityfocus.com/bid/2795" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6627" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user\u0027s real name." } ], "id": "CVE-2023-38307", "lastModified": "2024-11-21T08:13:17.540", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.723", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311 | Exploit, Third Party Advisory | |
cve@mitre.org | https://webmin.com/tags/webmin-changelog/ | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://webmin.com/tags/webmin-changelog/ | Release Notes |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:2.021:*:*:*:*:*:*:*", "matchCriteriaId": "80238B58-DA47-4036-900B-61044249B404", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page." } ], "id": "CVE-2023-38311", "lastModified": "2024-11-21T08:13:18.150", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-07-31T15:15:10.963", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/jaysharma786/Webmin-2.021/blob/main/CVE-2023-38311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://webmin.com/tags/webmin-changelog/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": 
"CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/102339 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/102339 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e | Issue Tracking, Patch, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6BA8D6-7E87-4C91-97C3-094D30EF55F7", "versionEndIncluding": "1.860", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality." }, { "lang": "es", "value": "custom/run.cgi en Webmin en versiones anteriores a la 1.870 permite que los administradores autenticados remotos realicen ataques de Cross-Site Scripting (XSS) mediante el campo description en la funcionalidad de comando personalizado." } ], "id": "CVE-2017-17089", "lastModified": "2024-11-21T03:17:27.693", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0" }, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-12-30T17:29:00.263", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party 
Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102339" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/102339" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://github.com/webmin/webmin/commit/a9c97eea6c268fb83d93a817d58bac75e0d2599e" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-32160 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-32160 | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature." }, { "lang": "es", "value": "Se presenta una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Webmin versi\u00f3n 1.973, mediante la funcionalidad Add Users" } ], "id": "CVE-2021-32160", "lastModified": "2024-11-21T06:06:53.277", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2022-04-11T06:15:08.443", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-32160" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-32160" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
▼ | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Mesh3l911/CVE-2021-31760 | Third Party Advisory | |
cve@mitre.org | https://github.com/electronicbots/CVE-2021-31760 | Third Party Advisory | |
cve@mitre.org | https://github.com/webmin/webmin | Third Party Advisory | |
cve@mitre.org | https://youtu.be/D45FN8QrzDo | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Mesh3l911/CVE-2021-31760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/electronicbots/CVE-2021-31760 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/webmin/webmin | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://youtu.be/D45FN8QrzDo | Exploit, Third Party Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:webmin:webmin:1.973:*:*:*:*:*:*:*", "matchCriteriaId": "36AF9E26-A663-4BCE-AD76-CABD6DA36B66", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to achieve Remote Command Execution (RCE) through Webmin\u0027s running process feature." }, { "lang": "es", "value": "Webmin versi\u00f3n 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para lograr una Ejecuci\u00f3n de Comandos Remota (RCE) por medio de la funcionalidad Webmin\u0027s running process" } ], "id": "CVE-2021-31760", "lastModified": "2024-11-21T06:06:11.507", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-04-25T19:15:08.173", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://github.com/Mesh3l911/CVE-2021-31760" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/D45FN8QrzDo" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Mesh3l911/CVE-2021-31760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/electronicbots/CVE-2021-31760" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/webmin/webmin" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://youtu.be/D45FN8QrzDo" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
var-200412-0165
Vulnerability from variot
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. The Usermin module that sends and receives e-mail through the web interface is flawed: it does not properly remove links to other Usermin modules from received HTML e-mail. An arbitrary command may be executed with the authority of the user who received and viewed the e-mail. Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. This issue is reported to affect Usermin versions 1.080 and prior. (Note: the sentences that follow describe a Cisco Catalyst issue and appear to come from BID 1122, which this record lists alongside BID 11122; they do not seem to describe the Usermin/Webmin vulnerability.) Under certain versions of the Cisco Catalyst a user who already has access to the device can elevate their current access to 'enable' mode without a password. Once 'enable' mode is obtained the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. This can be done either from the console itself or via a remote Telnet session.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200412-0165", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.080" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.070" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": 
"1.060" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.051" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.040" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.030" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.020" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.010" }, { "model": "usermin", "scope": "eq", "trust": 1.9, "vendor": "usermin", "version": "1.000" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.50" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.70" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.1.10" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.1.30" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.00" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.80" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.1.50" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.1.00" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.90" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.60" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.1.21" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.0.20" }, { "model": "webmin", "scope": "eq", "trust": 1.0, "vendor": "webmin", "version": "1.1.40" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.0" }, { "model": "asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "2.1" }, { "model": 
"asianux server", "scope": "eq", "trust": 0.8, "vendor": "cybertrust", "version": "3.0" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.150" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.140" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.130" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.121" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.110" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.100" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.090" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.080" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.070" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.060" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.050" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.020" }, { "model": "webmin", "scope": "eq", "trust": 0.3, "vendor": "webmin", "version": "1.000" }, { "model": "webmin", "scope": "ne", "trust": 0.3, "vendor": "webmin", "version": "1.160" }, { "model": "usermin", "scope": "ne", "trust": 0.3, "vendor": "usermin", "version": "1.090" }, { "model": "catalyst", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "65005.4.1" }, { "model": "catalyst", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "60005.4.1" }, { "model": "catalyst", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "55005.4.1" }, { "model": "catalyst", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "50005.4.1" }, { "model": "catalyst", "scope": "eq", "trust": 0.3, "vendor": "cisco", "version": "40005.4.1" } ], "sources": [ { "db": "BID", "id": 
"11122" }, { "db": "BID", "id": "1122" }, { "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "db": "NVD", "id": "CVE-2004-1468" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.000:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.080:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.00:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.030:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.040:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.010:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.020:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.50:*:*:*:*:*:*:*", "cpe_name": [], 
"vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.1.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.051:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.060:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:usermin:usermin:1.070:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.80:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:webmin:webmin:1.0.90:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2004-1468" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "This vulnerability was announced by Cisco in a security advisory posted to the Bugtraq mailing list on April 19, 2000.\n\n The Cisco BugID for this issue is:\n\nCSCdr10025", "sources": [ { "db": "BID", "id": "1122" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ], "trust": 0.9 }, "cve": "CVE-2004-1468", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { 
"acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2004-1468", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2004-1468", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200412-1201", "trust": 0.6, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2004-1468", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULMON", "id": "CVE-2004-1468" }, { "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "db": "NVD", "id": "CVE-2004-1468" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. 
Usermin Is Web The module that sends and receives emails via the interface is incomplete and received HTML Another in the email Usermin A vulnerability exists that does not properly remove links to modules.An arbitrary command may be executed with the authority of the user who received and viewed the email. Webmin / Usermin are reportedly affected by a command execution vulnerability when rendering HTML email messages. \nThis issue is reported to affect Usermin versions 1.080 and prior. Under certain versions of the Cisco Catalyst a user who already has access to the device can elevate their current access to \u0027enable\u0027 mode without a password. Once \u0027enable\u0027 mode is obtained the user can access the configuration mode and commit unauthorized configuration changes on a Catalyst switch. \nThis can be done either from the console itself or via a remote Telnet session", "sources": [ { "db": "NVD", "id": "CVE-2004-1468" }, { "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "db": "BID", "id": "11122" }, { "db": "BID", "id": "1122" }, { "db": "VULMON", "id": "CVE-2004-1468" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "BID", "id": "11122", "trust": 2.8 }, { "db": "NVD", "id": "CVE-2004-1468", "trust": 2.5 }, { "db": "SECUNIA", "id": "12488", "trust": 1.7 }, { "db": "BID", "id": "1122", "trust": 0.9 }, { "db": "JVNDB", "id": "JVNDB-2004-000116", "trust": 0.8 }, { "db": "GENTOO", "id": "GLSA-200409-15", "trust": 0.6 }, { "db": "XF", "id": "17293", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-200412-1201", "trust": 0.6 }, { "db": "VULMON", "id": "CVE-2004-1468", "trust": 0.1 } ], "sources": [ { "db": "VULMON", "id": "CVE-2004-1468" }, { "db": "BID", "id": "11122" }, { "db": "BID", "id": "1122" }, { "db": "JVNDB", "id": "JVNDB-2004-000116" 
}, { "db": "NVD", "id": "CVE-2004-1468" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "id": "VAR-200412-0165", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.3056849 }, "last_update_date": "2023-12-18T12:13:45.454000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "usermin (V2.x/V3.0)", "trust": 0.8, "url": "http://www.miraclelinux.com/update/linux/list.php?errata_id=19" }, { "title": "usermin (V2.x)", "trust": 0.8, "url": "http://www.miraclelinux.com/support/update/list.php?errata_id=990" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2004-000116" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2004-1468" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.5, "url": "http://www.securityfocus.com/bid/11122" }, { "trust": 1.7, "url": "http://www.lac.co.jp/security/csl/intelligence/snsadvisory_e/77_e.html" }, { "trust": 1.7, "url": "http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml" }, { "trust": 1.7, "url": "http://secunia.com/advisories/12488/" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17293" }, { "trust": 0.8, "url": 
"http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1468" }, { "trust": 0.8, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1468" }, { "trust": 0.6, "url": "http://xforce.iss.net/xforce/xfdb/17293" }, { "trust": 0.3, "url": "http://www.webmin.com/index6.html" }, { "trust": 0.3, "url": "/archive/1/374439" }, { "trust": 0.3, "url": "http://www.cisco.com/warp/public/707/sec_incident_response.shtml" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/.html" }, { "trust": 0.1, "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=8115" }, { "trust": 0.1, "url": "https://nvd.nist.gov" } ], "sources": [ { "db": "VULMON", "id": "CVE-2004-1468" }, { "db": "BID", "id": "11122" }, { "db": "BID", "id": "1122" }, { "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "db": "NVD", "id": "CVE-2004-1468" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULMON", "id": "CVE-2004-1468" }, { "db": "BID", "id": "11122" }, { "db": "BID", "id": "1122" }, { "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "db": "NVD", "id": "CVE-2004-1468" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2004-12-31T00:00:00", "db": "VULMON", "id": "CVE-2004-1468" }, { "date": "2004-09-07T00:00:00", "db": "BID", "id": "11122" }, { "date": "2000-04-20T00:00:00", "db": "BID", "id": "1122" }, { "date": "2007-04-01T00:00:00", "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "date": "2004-12-31T05:00:00", "db": "NVD", "id": "CVE-2004-1468" }, { "date": "2004-12-31T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": 
"2017-07-11T00:00:00", "db": "VULMON", "id": "CVE-2004-1468" }, { "date": "2004-09-07T00:00:00", "db": "BID", "id": "11122" }, { "date": "2000-04-20T00:00:00", "db": "BID", "id": "1122" }, { "date": "2007-05-14T00:00:00", "db": "JVNDB", "id": "JVNDB-2004-000116" }, { "date": "2017-07-11T01:31:03.577000", "db": "NVD", "id": "CVE-2004-1468" }, { "date": "2005-10-20T00:00:00", "db": "CNNVD", "id": "CNNVD-200412-1201" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "11122" }, { "db": "BID", "id": "1122" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Cisco Catalyst Enable Password Bypass Vulnerability", "sources": [ { "db": "BID", "id": "1122" }, { "db": "CNNVD", "id": "CNNVD-200412-1201" } ], "trust": 0.9 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "access verification error", "sources": [ { "db": "CNNVD", "id": "CNNVD-200412-1201" } ], "trust": 0.6 } }