EUVD-2017-7096

Malware in sbrugna...

Usermin 操作系统命令注入漏洞

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability exists in Usermin version 1.850 and earlier versions. An attacker can exploit this vulnerability to perform OS command injection attacks...

Webmin 1.850 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is version 1.850. It is, therefore, affected by multiple vulnerabilities. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid108560; scriptversion"1.5";...

Webmin Cross-Site Request Forgery Vulnerability (CNVD-2017-32345)

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A server-side request forgery vulnerability exists in Webmin 1.850, which arises from the program's failure to adequately filter user...

Webmin Cross-Site Request Forgery Vulnerability

Webmin is a web-based system administration tool for Unix-like operating systems developed by Australian software developer Jamie Cameron and the Webmin community. A cross-site request forgery vulnerability exists in Webmin version 1.850. A remote attacker can exploit this vulnerability by sendin...

CVE-2017-15645

CSRF exists in Webmin 1.850. By sending a GET request to at/createjob.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands...

CVE-2017-15645

CSRF exists in Webmin 1.850. By sending a GET request to at/createjob.cgi containing dir=/&cmd= in the URI, an attacker to execute arbitrary commands...

CVE-2017-15644

SSRF exists in Webmin 1.850 via the PATHINFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000...

CVE-2017-15645

CVE-2017-15645 : Webmin 1.850 is vulnerable to CSRF via a crafted GET request to at/create_job.cgi containing dir=/&cmd= in the URI, enabling an attacker to execute arbitrary commands. Multiple connected sources corroborate the vulnerability, including Red Hat and CVE registries; the attack vecto...

CVE-2017-15644

Webmin 1.850 is affected by a Server-Side Request Forgery (SSRF) vulnerability exposed via PATH_INFO to tunnel/link.cgi, demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. This yields potential credentialed/internal access exposure as described across multiple sources. Rem...

Webmin Multiple XSS Vulnerabilities (Jul 2017) - Linux

Webmin is prone to multiple cross site scripting vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:webmin:webmin";...

Webmin 1.840 Cross Site Scripting Vulnerability

Exploit for cgi platform in category web applications Vulnerability type: Reflected Cross Site Scripting ------------------------ Product: Webmin ------------------------ Affected version: Webmin 1.840 and possibly earlier ------------------------ Patched version: Webmin 1.850...