Lucene search
K

11 matches found

Nuclei
Nuclei
added 4 days ago35 views

Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

Webmin before 1.290 and Usermin before 1.220 contain a path traversal caused by calling the simplifypath function before decoding HTML, letting remote attackers read arbitrary files, exploit requires sending crafted '..%01' sequences. id: CVE-2006-3392 info: name: Webmin 1.290 / Usermin 1.220 -...

5CVSS7.3AI score0.77953EPSS
Exploits2References2
Circl
Circl
added 2018/05/29 3:50 p.m.17 views

CVE-2006-3392

creationtimestamp| type| source ---|---|--- 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/webmin/filedisclosure.rb 2025-02-06 03:13:38+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23 04:08:16+00:00| seen|...

5CVSS9.3AI score0.77953EPSS
Exploits2References3
Tenable Nessus
Tenable Nessus
added 2014/09/16 12:0 a.m.74 views

Usermin 'miniserv.pl' Arbitrary File Disclosure

The Usermin install on the remote host is affected by an information disclosure flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C...

5CVSS7.6AI score0.77953EPSS
Exploits2References2
Nmap
Nmap
added 2014/05/04 3:0 p.m.427 views

http-vuln-cve2006-3392 NSE Script

Exploits a file disclosure vulnerability in Webmin CVE-2006-3392 Webmin before 1.290 and Usermin before 1.220 calls the simplifypath function before decoding HTML. This allows arbitrary files to be read, without requiring authentication, using "..%01" sequences to bypass the removal of "../"...

10CVSS9.3AI score0.99448EPSS
Exploits35
OpenVAS
OpenVAS
added 2008/09/24 12:0 a.m.25 views

Gentoo Security Advisory GLSA 200608-11 (webmin/usermin)

The remote host is missing updates announced in advisory GLSA 200608-11. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5CVSS6.7AI score0.77953EPSS
Exploits2References2
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.53 views

Debian Security Advisory DSA 1199-1 (webmin)

The remote host is missing an update to webmin announced via advisory DSA 1199-1. Several vulnerabilities have been identified in webmin, a web-based administration toolkit. CVE-2005-3912 A format string vulnerability in miniserv.pl could allow an attacker to cause a denial of service by crashing...

7.5CVSS0.2AI score0.77953EPSS
Exploits4
Metasploit
Metasploit
added 2008/01/06 10:2 p.m.92 views

Webmin File Disclosure

A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an unspecified error within the handling of an URL. This can be exploited to read the contents of any files on the...

5CVSS6.7AI score0.77953EPSS
Exploits2
Debian
Debian
added 2006/10/24 1:10 a.m.47 views

[SECURITY] [DSA 1199-1] New webmin packages fix input validation problems

------------------------------------------------------------------------ Debian Security Advisory DSA-1199-1 [email protected] http://www.debian.org/security/ Noah Meyerhans October 23, 2006 - ------------------------------------------------------------------------ Package : webmin...

7.5CVSS0.4AI score0.77953EPSS
Exploits4
UbuntuCve
UbuntuCve
added 2006/07/06 8:5 p.m.60 views

CVE-2006-3392

Webmin before 1.290 and Usermin before 1.220 calls the simplifypath function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename...

5CVSS7.3AI score0.77953EPSS
Exploits2References1
CVE
CVE
added 2006/07/06 8:0 p.m.191 views

CVE-2006-3392

CVE-2006-3392 affects Webmin (pre-1.290) and Usermin (pre-1.220). The issue arises when the server’s miniserv.pl sanitization path uses the simplify_path function before HTML decoding, allowing a remote attacker to read arbitrary files via specially crafted URLs (eg, using ..%01 sequences that b...

5CVSS9.4AI score0.77953EPSS
Exploits2References18Affected Software2
Tenable Nessus
Tenable Nessus
added 2006/06/30 12:0 a.m.969 views

Webmin 'miniserv.pl' Arbitrary File Disclosure

The version of Webmin installed on the remote host is affected by an information disclosure flaw due to a flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user...

5CVSS7.5AI score0.77953EPSS
Exploits2References2
Rows per page
Query Builder