380 matches found

Cvelist
added 2004/06/23 4:0 a.m., 24 views

CVE-2004-0583

The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords...

6.2 AI score, 0.02081 EPSS
Exploits 0, References 10

CVE
added 2004/06/23 4:0 a.m., 67 views

CVE-2004-0583

The CVE-2004-0583 entry concerns Webmin 1.140 and Usermin 1.070 where the account lockout function fails to parse certain character strings, enabling remote brute-force attempts to guess user IDs and passwords. Root cause: input parsing flaw in the account lockout logic. Impact is limited to unau...

5 CVSS, 6.2 AI score, 0.02081 EPSS
Exploits 0, References 10, Affected Software 2

securityvulns
added 2004/06/21 12:0 a.m., 20 views

[SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability

SNS Advisory No.73: Usermin Cross-site Scripting Vulnerability. Problem first discovered on: Sun, 11 Apr 2004. Published on: Fri, 11 Jun 2004. Overview:...

0.1 AI score
Exploits 0

Gentoo Linux
added 2004/06/18 12:0 a.m., 38 views

Usermin: Multiple vulnerabilities

Background: Usermin is a web-based administration tool for Unix. It supports a wide range of user applications including configuring mail forwarding, setting up SSH or reading mail. Description: Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contai...

6.8 CVSS, 6.9 AI score, 0.02081 EPSS
Exploits 0

securityvulns
added 2004/06/16 12:0 a.m., 57 views

[SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability

SNS Advisory No.75: Webmin/Usermin Account Lockout Bypass Vulnerability. Problem first discovered on: Sun, 11 Apr 2004. Published on: Fri, 11 Jun 2004. Overvie...

Exploits 0

NVD
added 2003/03/03 5:0 a.m., 16 views

CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...

10 CVSS, 6.6 AI score, 0.15469 EPSS
Exploits 0, References 17

Tenable Nessus
added 2003/02/28 12:0 a.m., 26 views

Usermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing

The remote server is running a version of Usermin which is vulnerable to Session ID spoofing. An attacker may use this flaw to log in as the 'root' user, and gain full control of the remote host...

10 CVSS, 5.5 AI score, 0.15469 EPSS
Exploits 0, References 1

CVE
added 2003/02/26 5:0 a.m., 78 views

CVE-2003-0101

CVE-2003-0101 describes a vulnerability in miniserv.pl used by Webmin before 1.070 (and Usermin before 1.000) where metacharacters in Base-64 strings during Basic authentication can cause session ID spoofing, potentially granting root privileges. The issue arises from improper handling of line fe...

10 CVSS, 6.5 AI score, 0.15469 EPSS
Exploits 0, References 17, Affected Software 3

Cvelist
added 2003/02/26 5:0 a.m., 26 views

CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...

6.5 AI score, 0.15469 EPSS
Exploits 0, References 17

securityvulns
added 2003/02/25 12:0 a.m., 32 views

Multiple bugs in Webmin/Usermin

Cross-site scripting, session ID spoofing...

1 AI score
Exploits 0, References 2, Affected Software 2

exploitpack
added 2003/02/20 12:0 a.m., 14 views

Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing

source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is...

7.4 AI score
Exploits 0

Exploit DB
added 2003/02/20 12:0 a.m., 44 views

Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing

source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Session ID into the access control list...

7 AI score
Exploits 0

NVD
added 2002/08/12 4:0 a.m., 17 views

CVE-2002-0757

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...

7.5 CVSS, 7.4 AI score, 0.01851 EPSS
Exploits 1, References 4

NVD
added 2002/08/12 4:0 a.m., 18 views

CVE-2002-0756

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies...

7.5 CVSS, 6.6 AI score, 0.01678 EPSS
Exploits 0, References 3

Cvelist
added 2002/07/26 4:0 a.m., 23 views

CVE-2002-0757

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...

7.3 AI score, 0.01851 EPSS
Exploits 1, References 4

Cvelist
added 2002/07/26 4:0 a.m., 20 views

CVE-2002-0756

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies...

6.6 AI score, 0.01678 EPSS
Exploits 0, References 3

CVE
added 2002/07/26 4:0 a.m., 62 views

CVE-2002-0757

CVE-2002-0757 affects Webmin 0.96 and Usermin 0.90 (password timeouts enabled), enabling authentication bypass by sending certain control characters in authentication data to force acceptance of arbitrary username/session IDs. The issue allows local and possibly remote attackers to gain privilege...

7.5 CVSS, 7.4 AI score, 0.01851 EPSS
Exploits 1, References 4, Affected Software 2

CVE
added 2002/07/26 4:0 a.m., 71 views

CVE-2002-0756

CVE-2002-0756 is a cross-site scripting vulnerability on the authentication page for Webmin 0.96 and Usermin 0.90. The flaw allows remote attackers to inject scripts into an error page and potentially steal cookies. The NVD record assigns CVSSv2 base score 7.5 (HIGH) with network attack vector an...

7.5 CVSS, 6.6 AI score, 0.01678 EPSS
Exploits 0, References 3, Affected Software 2

securityvulns
added 2002/05/10 12:0 a.m., 26 views

[SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability

SNS Advisory No.52: Webmin/Usermin Cross-site Scripting Vulnerability. Problem first discovered: Thu, 2 May 2002. Published: Tue, 7 May 2002. Overview:...

6.2 AI score
Exploits 0

securityvulns
added 2002/05/10 12:0 a.m., 28 views

[SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability

SNS Advisory No.53: Webmin/Usermin Session ID Spoofing Vulnerability. Problem first discovered: Sat, 4 May 2002. Published: Tue, 7 May 2002. Overview:...

7.6 AI score
Exploits 0