
7 matches found

Tenable Nessus
added 2018/03/22 12:0 a.m. | 400 views

Webmin < 1.070 authentication bypass

According to its self-reported version, the Webmin install hosted on the remote host is earlier than 1.070. It is, therefore, affected by an authentication bypass vulnerability. (C) Tenable Network Security, Inc. include('compat.inc'); if (description) { script_id(108544); script_version("1.5");...

CVSS 10 | AI score 5.5 | EPSS 0.15469
Exploits: 0 | References: 3
OpenVAS
added 2009/05/05 12:0 a.m. | 21 views

HP-UX Update for Webmin HPSBUX00250

Check for the Version of Webmin. OpenVAS Vulnerability Test: HP-UX Update for Webmin HPSBUX00250. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the terms of t...

CVSS 10 | AI score 6.5 | EPSS 0.15469
Exploits: 0 | References: 2
Tenable Nessus
added 2004/09/29 12:0 a.m. | 59 views

Debian DSA-319-1 : webmin - session ID spoofing

miniserv.pl in the webmin package does not properly handle metacharacters, such as line feeds and carriage returns, in Base64-encoded strings used in Basic authentication. This vulnerability allows remote attackers to spoof a session ID, and thereby gain root privileges. #%NASL_MIN_LEVEL 70300 (C)...

CVSS 10 | AI score 5.5 | EPSS 0.15469
Exploits: 0 | References: 2
Tenable Nessus
added 2004/07/31 12:0 a.m. | 18 views

Mandrake Linux Security Advisory : webmin (MDKSA-2003:025)

A vulnerability was discovered in webmin by Cintia M. Imanishi, in the miniserv.pl program, which is the core server of webmin. This vulnerability allows an attacker to spoof a session ID by including special metacharacters in the BASE64 encoding string used during the authentication process. Thi...

CVSS 10 | AI score 5.5 | EPSS 0.15469
Exploits: 0 | References: 2
Tenable Nessus
added 2003/02/28 12:0 a.m. | 25 views

Usermin 'miniserv.pl' Base-64 String Metacharacter Handling Session Spoofing

The remote server is running a version of Usermin which is vulnerable to Session ID spoofing. An attacker may use this flaw to log in as the 'root' user, and gain full control of the remote host. #%NASL_MIN_LEVEL 70300 (C) Tenable Network Security, Inc. include('deprecated_nasl_level.inc');...

CVSS 10 | AI score 5.5 | EPSS 0.15469
Exploits: 0 | References: 1
Cvelist
added 2003/02/26 5:0 a.m. | 23 views

CVE-2003-0101

miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges...

AI score 6.5 | EPSS 0.15469
Exploits: 0 | References: 17
CVE
added 2003/02/26 5:0 a.m. | 75 views

CVE-2003-0101

CVE-2003-0101 describes a vulnerability in miniserv.pl used by Webmin before 1.070 (and Usermin before 1.000) where metacharacters in Base-64 strings during Basic authentication can cause session ID spoofing, potentially granting root privileges. The issue arises from improper handling of line fe...

CVSS 10 | AI score 6.5 | EPSS 0.15469
Exploits: 0 | References: 17 | Affected Software: 3