12 matches found
SUSE CVE-2005-3912
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service crash or memory consumption and possibly execute arbitrary code via format string specifiers in the usernam...
Webmin < 1.970 RCE Vulnerability
miniserv.pl in Webmin on Windows mishandles special characters in query arguments to the CGI program. Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Webmin 输入验证错误漏洞
Webmin is the Webmin community's set of Web-based system administration tools for Unix-like operating systems. An input validation error vulnerability exists in Webmin version 1.962, which stems from miniserv.pl incorrectly handling special characters in the query parameters of a CGI program, and...
Usermin 'miniserv.pl' Arbitrary File Disclosure
The Usermin install on the remote host is affected by an information disclosure flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user id. %NASLMINLEVEL 70300 C...
Webmin 'miniserv.pl' Arbitrary File Disclosure
The version of Webmin installed on the remote host is affected by an information disclosure flaw due to a flaw in the Perl script 'miniserv.pl'. This flaw could allow a remote, unauthenticated attacker to read arbitrary files on the affected host, subject to the privileges of the web server user...
Webmin 'miniserv.pl' 'username' Parameter Format String
The version of Webmin installed on the remote host contains a format string flaw when logging failed authentication attempts. Using specially crafted values for the 'username' parameter of the 'sessionlogin.cgi', an attacker could exploit the flaw to crash the affected server or to potentially...
GLSA-200512-02 : Webmin, Usermin: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200512-02 Webmin, Usermin: Format string vulnerability Jack Louis discovered that the Webmin and Usermin 'miniserv.pl' web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is...
CVE-2005-3912
Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service crash or memory consumption and possibly execute arbitrary code via format string specifiers in the usernam...
CVE-2005-3912
CVE-2005-3912: Webmin/miniserv.pl format-string vulnerability (username in login form) can crash or exhaust resources and potentially allow remote code execution when syslog logging is enabled. Affected: Webmin < 1.250 and Usermin
[Full-disclosure] Webmin miniserv.pl format string vulnerability
SUMMARY. The webmin miniserv.pl' web server component is vulnerable to a new class of exploitable remote code perl format string vulnerabilities. During the login process it is possible to trigger this vulnerability via a crafted username parameter containing format string data. In the observed...
[SNS Advisory No.83] Webmin/Usermin PAM Authentication Bypass Vulnerability
------------------------------------------------------------------ SNS Advisory No.83 Webmin/Usermin PAM Authentication Bypass Vulnerability Problem first discovered on: Sun, 04 Sep 2005 Published on: Tue, 20 Sep 2005 ------------------------------------------------------------------ Severity...
CVE-2005-3042
Webmin/miniserv.pl (and Usermin) vulnerability CVE-2005-3042 allows remote authentication bypass when PAM conversations are enabled. Specifically, miniserv.pl in Webmin < 1.230 and Usermin