5 matches found
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...
CVE-2018-8712
An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data...
Webmin: Information leak in Gentoo binary package
Background Webmin is a web-based system administration console allowing an administrator to easily configure servers and other features. Using the 'buildpkg' FEATURE, or the -b/-B emerge options, Portage can build reusable binary packages for any of the packages available through the Portage tree...
CVE-2001-1074
Webmin 0.84 and earlier does not properly clear the HTTPAUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges...
CVE-1999-1074
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking...