5 matches found
CVE-2012-2982
CVE-2012-2982 is a Webmin vulnerability affecting 1.590 and earlier in /file/show.cgi that allows an authenticated user to execute arbitrary commands via an invalid pathname (notably with a pipe). Public details include exploit modules and multiple advisories; remediation is upgrading Webmin to a...
CVE-2012-2983
Summary (CVE-2012-2983) : Webmin is affected by a directory/file-parameter traversal in the edit_html.cgi component on Webmin 1.590 and earlier. The root cause is the lack of an authorization check before displaying a file’s unedited contents, allowing remote attackers to read arbitrary files via...
CVE-2012-2981
Webmin versions 1.590 and earlier are vulnerable to remote authenticated code execution via a crafted file tied to the type (monitor type name) parameter. The CVE entry CVE-2012-2981 lists this as an arbitrary Perl code execution with CVSS v2 base score 6.0 (network, single authentication, partia...
CVE-2012-4893
Webmin
CVE-2005-0427
The CVE-2005-0427 issue affects Webmin on Gentoo (before 1.170-r3). The ebuild builds a tbz2 of Webmin that unintentionally includes the encrypted root password in miniserv.users, allowing a remote attacker to obtain and potentially crack the password. Gentoo GLSA 200502-12 documents this design ...