21 matches found
EUVD-2012-0485
Malware in sbrugna...
EUVD-2019-6593
Malware in sbrugna...
CVE-2019-15641
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi...
Webmin <= 1.930 XXE
An XML external entity XXE vulnerability exists in Webmin through 1.930 in xmlrpc.cgi due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. A remote, authenticated attacker can exploit this,via specially crafted XML data, to disclose sensitive...
Webmin < 1.760 xmlrpc.cgi Cross-Site Scripting Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.760. It is, therefore, affected by a cross-site scripting vulnerability in xmlrpc.cgi, which could potentially lead to remote code execution in certain products. Note that the scanner has not tested...
CVE-2019-15641
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi...
CVE-2019-15641
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi...
CVE-2019-15641
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi...
Default credentials
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi...
CVE-2019-15641
CVE-2019-15641 affects Webmin via xmlrpc.cgi, where an authenticated XXE exists in Webmin up to version 1.930 (patch included in later versions). Impact: potential disclosure of sensitive data due to XML external entity processing; access is restricted in affected setups to root/admin/sysadm by d...
CVE-2019-15641
xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi...
CVE-2015-2009
Cross-site request forgery CSRF vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to...
CVE-2015-2009
Cross-site request forgery CSRF vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x before 7.2.5 Patch 4 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences via vectors related to...
Webmin < 1.760 xmlrpc.cgi Cross Site Scripting Vulnerability
According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.760. It is, therefore, affected by a cross site scripting vulnerability in xmlrpc.cgi, which could potentially lead to remote code execution in certain products. C Tenable Network Security, Inc...
Mageia: Security Advisory (MGASA-2015-0344)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-2011
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors...
Command injection
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors...
CVE-2015-2011
The CVE-2015-2011 entry concerns IBM QRadar SIEM where the xmlrpc.cgi Webmin script allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors. Affected products/versions include IBM QRadar SIEM 7.2.x and 7.1 MR2 with patches: 7.2.5 Patch 4 and 7....
CVE-2015-2011
The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors...
Updated webmin packages fix CVE-2015-1990
Updated webmin package fixes security vulnerability: A malicious website could create links or Javascript referencing the xmlrpc.cgi script, triggered when a user logged into Webmin visits the attacking site CVE-2015-1990...