EUVD-2019-6593

Malware in sbrugna...

EUVD-2001-1055

Malware in sbrugna...

Debian DSA-544-1 : webmin - insecure temporary directory

Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside. %NASLMINLEVEL 70300 C Tenable Network...

DSA-544-1 webmin - insecure temporary directory

Bulletin has no description...

webmin -- insecure temporary file creation at installation time

The Webmin developers documented a security issue in the release notes for version 1.160: Fixed a security hole in the maketemp.pl script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a...

Webmin 0.x - 'RPC' Privilege Escalation

source: https://www.securityfocus.com/bid/5591/info In cases where users of Webmin do not have root access on the underlying host, it may be possible to mount privilege escalation attacks on the underlying host. This normally occurs in configurations where multiple Webmin client systems have acce...

Webmin Doesn't Clean Env (root exploit)

Not sure if this is known, however I know I've seen quite a few people still using webmin 0.84. Webmin doesn't seem to clean the env properly when starting apache probably in other cases as well It leaves the var HTTPAUTHORIZATION set. All you need to do is run it though a mime 64 decode and you...