Lucene search
K

380 matches found

CVE
CVE
added 2025/04/28 12:0 a.m.65 views

CVE-2015-2079

CVE-2015-2079 affects Webmin Usermin 0.980–1.x before 1.660. Root cause: the uconfig_save.cgi module uses the two-argument form of Perl open, enabling remote code execution (sig_file_free). Impact: remote code execution with high/critical potential. Affected software is Usermin; remediation is to...

9.9CVSS8AI score0.01004EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/04/28 12:0 a.m.4 views

PT-2025-18077 · Usermin · Usermin

Name of the Vulnerable Software and Affected Versions: Usermin versions 0.980 through 1.x before 1.660 Description: The issue allows remote code execution in uconfig save.cgi due to the use of the two-argument form of Perl open, specifically in the sig file free function. This enables an attacker...

9.9CVSS7.5AI score0.01004EPSS
Exploits1References7
Exploit DB
Exploit DB
added 2025/04/17 12:0 a.m.319 views

Usermin 2.100 - Username Enumeration

Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...

5.3CVSS7.1AI score0.02621EPSS
Exploits5
Packet Storm
Packet Storm
added 2025/04/03 12:0 a.m.308 views

📄 Usermin 2.100 Username Enumeration

Usermin versions 2.100 and below suffer from a username enumeration vulnerability. Exploit Title: Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100...

5.3CVSS6.7AI score0.02621EPSS
Exploits5
Exploit DB
Exploit DB
added 2025/04/03 12:0 a.m.179 views

Webmin Usermin 2.100 - Username Enumeration

Exploit Title: Webmin Usermin 2.100 - Username Enumeration Date: 10.02.2024 Exploit Author: Kjesper Vendor Homepage: https://www.webmin.com/usermin.html Software Link: https://github.com/webmin/usermin Version: = 2.100 Tested on: Kali Linux CVE: CVE-2024-44762...

5.3CVSS5.4AI score0.02621EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2025/04/02 12:0 a.m.9 views

Webmin < 2.101 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 2.101. It is, therefore, affected by multiple vulnerabilities: - A Reflected Cross-Site Scripting XSS vulnerability exists in the File Manager function. - A Cross-Site Scripting XSS vulnerability exis...

6.1CVSS5.9AI score0.00531EPSS
Exploits5References7
NVD
NVD
added 2024/10/16 9:15 p.m.35 views

CVE-2024-44762

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...

5.3CVSS0.02621EPSS
Exploits5References1
OSV
OSV
added 2024/10/16 9:15 p.m.5 views

CVE-2024-44762

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...

5.3CVSS6.9AI score0.02621EPSS
Exploits5References1
CNNVD
CNNVD
added 2024/10/16 12:0 a.m.4 views

Webmin Usermin 安全漏洞

Webmin Usermin is a web-based interface from Webmin Inc. It is used for webmail, password change, mail filters, fetchmail, and more. A security vulnerability exists in Webmin Usermin version 2.100, which stems from a discrepancy in the error message for the presence of an invalid login attempt,...

5.3CVSS6.5AI score0.02621EPSS
Exploits5References5
Cvelist
Cvelist
added 2024/10/16 12:0 a.m.32 views

CVE-2024-44762

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...

0.02621EPSS
Exploits5References1
CVE
CVE
added 2024/10/16 12:0 a.m.120 views

CVE-2024-44762

Summary: CVE-2024-44762 affects Webmin Usermin v2.100 and earlier; it enables attacker’s username enumeration through the password-change flow due to inconsistent error messages. What’s affected: Usermin 2.100 and below (password-change endpoint exposes observable differences in responses when us...

5.3CVSS7.1AI score0.02621EPSS
Exploits5References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/16 12:0 a.m.21 views

CVE-2024-44762

A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts...

6.9AI score0.02621EPSS
Exploits5References1
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.260 views

Webmin File Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Webmin File Disclosure', 'Description' = %q A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people t...

5CVSS7AI score0.77953EPSS
Exploits2
BDU FSTEC
BDU FSTEC
added 2024/08/26 12:0 a.m.14 views

The vulnerability in the session_login.cgi script of the Webmin hosting panel and the web interface for Unix-like systems, Usermin, allows attackers to perform cross-site scripting attacks.

The vulnerability in the sessionlogin.cgi script of the Webmin hosting panel and the web interface for Unix-like systems Usermin exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripti...

6.4CVSS7.3AI score0.004EPSS
Exploits0References6Affected Software3
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.3 views

PT-2024-7392

Name of the Vulnerable Software and Affected Versions: Webmin Usermin version 2.100 Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin allows attackers to enumerate valid user accounts. This issue is related to shortcomings in the error reporting mechanism,...

5.3CVSS6.3AI score0.02621EPSS
Exploits5References16
NVD
NVD
added 2024/07/10 7:15 a.m.35 views

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

6.1CVSS0.004EPSS
Exploits0References3
OSV
OSV
added 2024/07/10 7:15 a.m.2 views

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

6.1CVSS8AI score
Exploits0References3
Cvelist
Cvelist
added 2024/07/10 7:2 a.m.35 views

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

0.004EPSS
Exploits0References3
CVE
CVE
added 2024/07/10 7:2 a.m.75 views

CVE-2024-36453

CVE-2024-36453 is a cross-site scripting vulnerability in Webmin’s session_login.cgi affecting Webmin before 1.970 and Usermin before 1.820. Exploitation can cause arbitrary JavaScript execution in the victim’s browser, potentially altering pages or exposing credentials. Red Hat and OSV/other fee...

6.1CVSS6.2AI score0.004EPSS
Exploits0References3Affected Software2
Vulnrichment
Vulnrichment
added 2024/07/10 7:2 a.m.22 views

CVE-2024-36453

Cross-site scripting vulnerability exists in sessionlogin.cgi of Webmin versions prior to 1.970 and Usermin versions prior to 1.820. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. As a result, a...

6.2AI score0.004EPSS
Exploits0References3
Rows per page
Query Builder