1357 matches found
CVE-2001-1196
Directory traversal vulnerability in editaction.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' dot dot in the argument...
CVE-2001-1196
CVE-2001-1196 concerns Webmin 0.91, where a directory traversal flaw in edit_action.cgi could allow privilege escalation via a .. argument. The vulnerability is documented with a high-severity score (CVSS v2: HIGH, base 10.0) and is referenced by multiple sources. A remediation available in the c...
CVE-1999-1074
Webmin before 0.5 is affected: it does not restrict the number of invalid password attempts for a valid username, enabling remote attackers to attempt brute‑force password cracking and potentially gain privileges. The issue is described across CVE-1999-1074 records (CVE/NVD/CVELIST) and corrobora...
CVE-1999-1074
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking...
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...
CVE-2001-1196
Directory traversal vulnerability in editaction.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' dot dot in the argument...
webmin 0.91 - Directory Traversal
webmin 0.91 - Directory Traversal source: https://www.securityfocus.com/bid/3698/info Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can setup user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Uni...
webmin 0.91 - Directory Traversal
source: https://www.securityfocus.com/bid/3698/info Webmin is a web-based interface for system administration for Unix. Using any browser that supports tables and forms, you can setup user accounts, Apache, DNS, file sharing and so on. Webmin will run on most Unix variants, providing it has been...
Webmin Detection
The remote web server is running Webmin, a web-based interface for system administration for Unix. This script was written by Georges Dagousset See the Nessus Scripts License for details Changes by Tenable: - Revised plugin title, changed family 4/13/2009 - Added CPE, updated version check, updat...
Webmin Doesn't Clean Env (root exploit)
Not sure if this is known, however I know I've seen quite a few people still using webmin 0.84. Webmin doesn't seem to clean the env properly when starting apache probably in other cases as well It leaves the var HTTPAUTHORIZATION set. All you need to do is run it though a mime 64 decode and you...
CVE-2001-1074
Webmin 0.84 and earlier does not properly clear the HTTPAUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges...
CVE-2001-0222
CVE-2001-0222 affects Webmin 0.84 and earlier. The vulnerability is a local, file-overwrite via a symlink attack, enabling local users to create or overwrite arbitrary files on the system. The available sources (NVD/CVE listing and Nessus plugin linking CVE-2001-0222 with Webmin 0.85+ family) con...
CVE-2001-0222
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack...
CVE-2001-0222
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack...
Security Update: security problems in webmin CSSA-2001-004.0
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Caldera Systems, Inc. Security Advisory Subject: security problems in webmin Advisory number: CSSA-2001-004.0 Issue date: 2001 January, 17 Cross reference: 1. Problem Description On several occasions, webmin creates temporary files insecurely. This ca...
Дырка в WebMIN
небезопасное создание временных файлов...
CVE-1999-1074
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking...