
27 matches found

RedhatCVE
added 2026/01/09 11:40 a.m. | 4 views

CVE-2001-1530

run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...

4.6 CVSS | 7.4 AI score | 0.00088 EPSS
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-6593

Malware in sbrugna...

6.8 CVSS | 6.5 AI score | 0.00839 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2015-1514

Malware in sbrugna...

4.9 CVSS | 6.3 AI score | 0.00133 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2001-1055

Malware in sbrugna...

7.2 CVSS | 6.4 AI score | 0.00149 EPSS
Exploits: 1 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2002-1653

Malware in sbrugna...

2.1 CVSS | 6.4 AI score | 0.00142 EPSS
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-47728

Malicious code in bioql PyPI...

4.8 CVSS | 4.7 AI score | 0.00069 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/23 4:7 a.m. | 6 views

CVE-2023-38303

An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter...

5.4 CVSS | 6 AI score | 0.00275 EPSS
Exploits: 1

CVE
added 2024/12/30 4:48 p.m. | 133 views

CVE-2024-12828

CVE-2024-12828 affects Webmin CGI handling, where unsanitized user input in CGI requests leads to command injection and remote code execution in the root context. The issue arises from improper validation before executing system calls. Public sources (including NVD, OSV, CIRCL, and related adviso...

9.9 CVSS | 9.9 AI score | 0.21717 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2020/12/22 12:0 a.m. | 10 views

Webmin Arbitrary Command Execution Vulnerability (CNVD-2021-07125)

Webmin is a Web-based system configuration tool for Unix-like systems, and the latest version can also be installed and run on Windows. An arbitrary command execution vulnerability exists in Webmin 1.962 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary command...

9 CVSS | 7.7 AI score | 0.75147 EPSS
Exploits: 9 | References: 1

OSV
added 2020/11/08 2:14 p.m. | 8 views

MGASA-2020-0400 Updated webmin package fixes security vulnerabilities

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. CVE-2020-8820 An...

6.1 CVSS | 5.5 AI score | 0.02307 EPSS
Exploits: 0 | References: 4

Tenable Nessus
added 2019/09/04 12:0 a.m. | 16 views

Webmin < 1.870 Cross-Site Scripting Vulnerability

According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.870. It is, therefore, affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version...

4.8 CVSS | 6.7 AI score | 0.00166 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2019/09/04 12:0 a.m. | 15 views

Webmin < 1.850 Multiple Cross-Site Scripting Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.850. It is, therefore, affected by multiple cross-site scripting vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...

6.1 CVSS | 6.7 AI score | 0.00601 EPSS
Exploits: 3 | References: 3

NVD
added 2018/03/14 7:29 p.m. | 20 views

CVE-2018-8712

An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...

9.8 CVSS | 8.9 AI score | 0.00788 EPSS
Exploits: 0 | References: 1

Cvelist
added 2017/10/19 10:0 p.m. | 20 views

CVE-2017-15646

Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload...

7.4 AI score | 0.08199 EPSS
Exploits: 1 | References: 4

Gentoo Linux
added 2005/02/11 12:0 a.m. | 31 views

Webmin: Information leak in Gentoo binary package

Background: Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree...

5 CVSS | 6.3 AI score | 0.00331 EPSS
Exploits: 0

exploitpack
added 2005/01/08 12:0 a.m. | 31 views

Webmin 1.5 - Web Brute Force (CGI)

Webmin 1.5 - Web Brute Force CGI !/usr/bin/perl use CGI qw:standard; use IO::Socket; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"; $host = $CGI-param"host"; $wlist = $CGI-param"wlist"; $cmd = $CGI-param"cmd"; print $CGI-header-type='text/html',-charset='windows-1254'; print...

7.4 AI score
Exploits: 0

0day.today
added 2005/01/08 12:0 a.m. | 45 views

Webmin Web Brute Force v1.5 (cgi-version)

Exploit for multiple platform in category remote exploits ========================================= Webmin Web Brute Force v1.5 cgi-version ========================================= !/usr/bin/perl use CGI qw:standard; use IO::Socket; $CGI::HEADERSONCE = 1; $CGI = new CGI; $atak = $CGI-param"atak"...

7.1 AI score
Exploits: 0

Tenable Nessus
added 2004/09/29 12:0 a.m. | 30 views

Debian DSA-544-1 : webmin - insecure temporary directory

Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside...

7.5 CVSS | 5.3 AI score | 0.04781 EPSS
Exploits: 1 | References: 3

OSV
added 2004/09/14 12:0 a.m. | 28 views

DSA-544-1 webmin - insecure temporary directory

Bulletin has no description...

2.1 CVSS | 6.1 AI score | 0.00103 EPSS
Exploits: 0

Gentoo Linux
added 2004/09/12 12:0 a.m. | 24 views

Webmin, Usermin: Multiple vulnerabilities in Usermin

Background: Webmin and Usermin are web-based system administration consoles. Webmin allows an administrator to easily configure servers and other features. Usermin allows users to configure their own accounts, execute commands, and read e-mail. The Usermin functionality, including webmail, is also...

7.5 CVSS | 7.2 AI score | 0.04781 EPSS
Exploits: 1