Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
WebminWebmin

9 matches found

CVE
CVEadded 2019/03/07 5:29 a.m.97 views

CVE-2019-9624

Webmin 1.900 allows remote attackers to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.

7.8CVSS8AI score0.51667EPSS
Web
CVE
CVEadded 2005/11/30 11:3 a.m.92 views

CVE-2005-3912

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the usernam...

7.5CVSS7.7AI score0.12453EPSS
Web
CVE
CVEadded 2002/08/12 4:0 a.m.62 views

CVE-2002-0756

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.

7.5CVSS6.6AI score0.01027EPSS
CVE
CVEadded 2002/03/09 5:0 a.m.60 views

CVE-1999-1074

Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.

7.5CVSS7.1AI score0.00846EPSS
CVE
CVEadded 2024/09/04 11:15 p.m.60 views

CVE-2024-45692

Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000.

7.5CVSS6.7AI score0.00083EPSS
CVE
CVEadded 2005/02/13 5:0 a.m.51 views

CVE-2004-1468

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.

7.5CVSS7.5AI score0.04781EPSS
CVE
CVEadded 2005/09/22 10:3 a.m.50 views

CVE-2005-3042

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

7.5CVSS6.8AI score0.02204EPSS
CVE
CVEadded 2002/08/12 4:0 a.m.49 views

CVE-2002-0757

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID comb...

7.5CVSS7.4AI score0.00612EPSS
CVE
CVEadded 2002/06/25 4:0 a.m.44 views

CVE-2001-1074

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

7.2CVSS6.5AI score0.00046EPSS