380 matches found
CVE-2015-2079
CVE-2015-2079 affects Webmin Usermin 0.980–1.x before 1.660. Root cause: the uconfig_save.cgi module uses the two-argument form of Perl open, enabling remote code execution (sig_file_free). Impact: remote code execution with high/critical potential. Affected software is Usermin; remediation is to...
PT-2025-18077 · Usermin · Usermin
Name of the Vulnerable Software and Affected Versions: Usermin versions 0.980 through 1.x before 1.660 Description: The issue allows remote code execution in uconfig save.cgi due to the use of the two-argument form of Perl open, specifically in the sig file free function. This enables an attacker...
Usermin 2.100 - Username Enumeration
Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...
📄 Usermin 2.100 Username Enumeration
Usermin versions 2.100 and below suffer from a username enumeration vulnerability. Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100...
Webmin Usermin 2.100 - Username Enumeration
Exploit Title: Webmin Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...
Webmin < 2.101 Multiple Vulnerabilities
According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.101. It is, therefore, affected by multiple vulnerabilities: - A Reflected Cross-Site Scripting XSS vulnerability exists in the File Manager function. - A Cross-Site Scripting XSS vulnerability exis...
CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...
CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...
Webmin Usermin 安全漏洞
Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability exists in Webmin Usermin version 2.100, which stems from a discrepancy in the error message for the presence of an invalid login attempt,...
CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...
CVE-2024-44762
Summary: CVE-2024-44762 affects Webmin Usermin v2.100 and earlier; it enables attacker’s username enumeration through the password-change flow due to inconsistent error messages. What’s affected: Usermin 2.100 and below (password-change endpoint exposes observable differences in responses when us...
CVE-2024-44762
A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...
Webmin File Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Disclosure', 'Description' = %q A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people t...
The vulnerability in the session_login.cgi script of the Webmin hosting panel and the web interface for Unix-like systems, Usermin, allows attackers to perform cross-site scripting attacks.
The vulnerability in the sessionlogin.cgi script of the Webmin hosting panel and the web interface for Unix-like systems Usermin exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripti...
PT-2024-7392
Name of the Vulnerable Software and Affected Versions: Webmin Usermin version 2.100 Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin allows attackers to enumerate valid user accounts. This issue is related to shortcomings in the error reporting mechanism,...
CVE-2024-36453
Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...
CVE-2024-36453
Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...
CVE-2024-36453
Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...
CVE-2024-36453
CVE-2024-36453 is a cross-site scripting vulnerability in Webmin’s session_login.cgi affecting Webmin before 1.970 and Usermin before 1.820. Exploitation can cause arbitrary JavaScript execution in the victim’s browser, potentially altering pages or exposing credentials. Red Hat and OSV/other fee...
CVE-2024-36453
Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...