NotCVE - vendor:"Usermin" product:"Usermin" version:"1.070"

Page 2 of 16 results (0.002 seconds)

CVSS: 7.5EPSS: 71%CPEs: 2EXPL: 11

CVE-2006-3392 – Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure

https://notcve.org/view.php?id=CVE-2006-3392

06 Jul 2006 — Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. Las aplicaciones Webmin antes de su versión 1.290 y Usermin antes de la 1.220 llaman a la función simplify_path antes de decodificar HTML, lo que permite a atacan... • https://packetstorm.news/files/id/180803 •

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

CVE-2005-1177

https://notcve.org/view.php?id=CVE-2005-1177

19 Apr 2005 — Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. • http://securitytracker.com/id?1013723 •

CVSS: 9.8EPSS: 4%CPEs: 22EXPL: 1

CVE-2004-1468

https://notcve.org/view.php?id=CVE-2004-1468

31 Dec 2004 — The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. • http://secunia.com/advisories/12488 •

CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0

CVE-2004-0559

https://notcve.org/view.php?id=CVE-2004-0559

24 Sep 2004 — The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elección durante la instalación mediante un ataque de enlaces simbólicos en el directorio /tmp/.usermin • http://secunia.com/advisories/12488 •

CVSS: 9.8EPSS: 1%CPEs: 14EXPL: 0

CVE-2004-0583

https://notcve.org/view.php?id=CVE-2004-0583

23 Jun 2004 — The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. La funcionalidad lockout en (1)Webmin 1.140 y (2) Usermin 1.070 no process ciertas cadenas de caractéreis, lo que permite a atacanetes remotos conducir un ataque de fuerza bruta para averiguar IDs de usuario y contraseñas. • http://marc.info/?l=bugtraq&m=108737059313829&w=2 •

CVSS: 6.8EPSS: 1%CPEs: 1EXPL: 0

CVE-2004-0588

https://notcve.org/view.php?id=CVE-2004-0588

23 Jun 2004 — Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo de correo web de Usermin 1.070 permite a atacantes remotos insertar HTML y scrpit de su elección mediante mensajes de correo electrónico. • http://marc.info/?l=bugtraq&m=108781564518287&w=2 •

1 2