380 matches found
CVE-2004-0583
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords...
CVE-2004-0583
The CVE-2004-0583 entry concerns Webmin 1.140 and Usermin 1.070 where the account lockout function fails to parse certain character strings, enabling remote brute-force attempts to guess user IDs and passwords. Root cause: input parsing flaw in the account lockout logic. Impact is limited to unau...
[SNS Advisory No.73] Usermin Cross-site Scripting Vulnerability
SNS Advisory No.73: Usermin Cross-site Scripting Vulnerability. Problem first discovered on: Sun, 11 Apr 2004. Published on: Fri, 11 Jun 2004. Overview:...
Usermin: Multiple vulnerabilities
Background: Usermin is a web-based administration tool for Unix. It supports a wide range of user applications including configuring mail forwarding, setting up SSH or reading mail. Description: Usermin contains two security vulnerabilities. One fails to properly sanitize email messages that contai...
[SNS Advisory No.75] Webmin/Usermin Account Lockout Bypass Vulnerability
SNS Advisory No.75: Webmin/Usermin Account Lockout Bypass Vulnerability. Problem first discovered on: Sun, 11 Apr 2004. Published on: Fri, 11 Jun 2004. Overvie...
CVE-2003-0101
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...
Usermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing
The remote server is running a version of Usermin which is vulnerable to Session ID spoofing. An attacker may use this flaw to log in as the 'root' user, and gain full control of the remote host...
CVE-2003-0101
CVE-2003-0101 describes a vulnerability in miniserv.pl used by Webmin before 1.070 (and Usermin before 1.000) where metacharacters in Base-64 strings during Basic authentication can cause session ID spoofing, potentially granting root privileges. The issue arises from improper handling of line fe...
Multiple bugs in Webmin/Usermin
Cross-site scripting, session ID spoofing...
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing
source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is...
Webmin 0.9x / Usermin 0.9x/1.0 - Access Session ID Spoofing
source: https://www.securityfocus.com/bid/6915/info A vulnerability has been discovered in the 'Miniserv.pl' script used to invoke both Webmin and Usermin. Due to insufficient sanitization of client-supplied BASE64 encoded input, it is possible to inject a Session ID into the access control list...
CVE-2002-0757
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID...
CVE-2002-0756
Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies...
CVE-2002-0757
CVE-2002-0757 affects Webmin 0.96 and Usermin 0.90 (password timeouts enabled), enabling authentication bypass by sending certain control characters in authentication data to force acceptance of arbitrary username/session IDs. The issue allows local and possibly remote attackers to gain privilege...
CVE-2002-0756
CVE-2002-0756 is a cross-site scripting vulnerability on the authentication page for Webmin 0.96 and Usermin 0.90. The flaw allows remote attackers to inject scripts into an error page and potentially steal cookies. The NVD record assigns CVSSv2 base score 7.5 (HIGH) with network attack vector an...
[SNS Advisory No.52] Webmin/Usermin Cross-site Scripting Vulnerability
SNS Advisory No.52: Webmin/Usermin Cross-site Scripting Vulnerability. Problem first discovered: Thu, 2 May 2002. Published: Tue, 7 May 2002. Overview:...
[SNS Advisory No.53] Webmin/Usermin Session ID Spoofing Vulnerability
SNS Advisory No.53: Webmin/Usermin Session ID Spoofing Vulnerability. Problem first discovered: Sat, 4 May 2002. Published: Tue, 7 May 2002. Overview:...