20 matches found
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2024-36446
creationtimestamp | type | source
---|---|---
2024-08-13 20:27:55+00:00 | seen | https://t.me/cvedetector/3038...
CVE-2024-36446
The vulnerability CVE-2024-36446 affects Mitel MiVoice MX-ONE (all versions through 7.6 SP1) in the Provisioning Manager component. The issue stems from improper access control, enabling an authenticated attacker to bypass the authorization schema and potentially access protected operations or da...
Webmin Package Updates RCE
This module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the...
Metasploit Weekly Wrap-Up
Putting in the work! This week we’re extra grateful for the fantastic contributions our community makes to Metasploit. The Metasploit team landed more than 5 PRs each from Ron Bowes and bcoles, adding some great new capabilities. Ron Bowes contributed four new modules targeting UnRAR, Zimbra, and...
Exploit for Improper Encoding or Escaping of Output in Webmin
A Python script to exploit CVE-202...
Webmin 1.996 Remote Code Execution
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...
Webmin 1.996 - Remote Code Execution (RCE) (Authenticated)
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Date: 2022-07-25 Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html...
Webmin 1.996 - Remote Code Execution (Authenticated) Exploit
Exploit Title: Webmin 1.996 - Remote Code Execution RCE Authenticated Exploit Author: Emir Polat Technical analysis: https://medium.com/@emirpolat/cve-2022-36446-webmin-1-997-7a9225af3165 Vendor Homepage: https://www.webmin.com/ Software Link: https://www.webmin.com/download.html Version: 1.997...
CVE-2022-36446
creationtimestamp | type | source
---|---|---
2022-07-25 12:32:52+00:00 | seen | https://t.me/cibsecurity/46883
2022-08-09 20:35:21+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/webminpackageupdatesrce.rb
2022-08-11 16:14:53+00:00 |...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2022-36446
software/apt-lib.pl in Webmin before 1.997 lacks HTML escaping for a UI command...
CVE-2022-36446
CVE-2022-36446 : Webmin versions before 1.997 are vulnerable to an authenticated remote code execution via software/apt-lib.pl which fails to HTML-escape a UI command, enabling an OS command injection when updating packages. Exploitation requires access to the Software Package Updates module and ...
term-handler (=0.1.0) potentially affected by CVE-2020-36446 via signal-simple (=0.1.1)
signal-simple CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on signal-simple and may be impacted: - term-handler =0.1.0 Source cves: CVE-2020-36446 Source advisory: OSV:GHSA-8892-84WF-CG8F...
CVE-2020-36446
creationtimestamp | type | source
---|---|---
2021-08-08 12:35:35+00:00 | seen | https://t.me/cibsecurity/26975...
CVE-2020-36446
An issue was discovered in the signal-simple crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for SyncChannel...
CVE-2020-36446
CVE-2020-36446 affects the signal-simple crate for Rust. The root cause is that SyncChannel is implemented as Send and Sync unconditionally, which allows moving or sharing owned T across threads. This can enable unsafe behavior when T is not Send, potentially causing data races and memory corrupt...
Webmin Command Injection (CVE-2020-35606; CVE-2022-36446)
A command injection vulnerability exists in Webmin. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
term-handler (=0.1.0) potentially affected by CVE-2020-36446 via signal-simple (=0.1.1)
signal-simple CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on signal-simple and may be impacted: - term-handler =0.1.0 Source cves: CVE-2020-36446 Source advisory: OSV:RUSTSEC-2020-0126...