CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 1CVE-2002-0757
https://notcve.org/view.php?id=CVE-2002-0757
(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. Webmin 0.96 y Usermin 0.90 con tiempo de espera para contraseñas habilitado, permite a atacantes locales y posiblemente a remotos, evitar la autenticación y obtener privilegios mediante ciertos caracteres de control en la información de autenticación, que podría forzar a Webmin o Usermin a aceptar combinaciones arbitrarias de usuario/sesión (username/session ID). • http://online.securityfocus.com/archive/1/271466 http://www.iss.net/security_center/static/9037.php http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-033.php http://www.securityfocus.com/bid/4700 •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 0CVE-2001-1530
https://notcve.org/view.php?id=CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands. • http://archives.neohapsis.com/archives/vulnwatch/2001-q4/0015.html http://www.securiteam.com/unixfocus/6R00M0K2UC.html •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2001-1196 – webmin 0.91 - Directory Traversal
https://notcve.org/view.php?id=CVE-2001-1196
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. Una vulnerabilidad de atravesamiento de directorios en edit_action.cgi de Webmin Directory 0.91 permite a atacantes remotos, la obtención de privilegios mediante el uso de '..' (punto punto) en el argumento. • https://www.exploit-db.com/exploits/21183 http://marc.info/?l=webmin-l&m=100865390306103&w=2 http://www.iss.net/security_center/static/7711.php http://www.securityfocus.com/archive/1/245980 http://www.securityfocus.com/bid/3698 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 1CVE-2001-1074
https://notcve.org/view.php?id=CVE-2001-1074
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3 http://www.securityfocus.com/bid/2795 https://exchange.xforce.ibmcloud.com/vulnerabilities/6627 •
CVSS: 1.2EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0222
https://notcve.org/view.php?id=CVE-2001-0222
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. • http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3 https://exchange.xforce.ibmcloud.com/vulnerabilities/6011 •