CVE-2006-4542
https://notcve.org/view.php?id=CVE-2006-4542
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. Webmin anterior a 1.296 y Usermin anterior a 1.226 no dirigidas adecuadamente una URL con un caracter nulo ("%00"), lo cual permite a un atacante remoto dirigir una secuencia de comandos de sitios cruzados (XSS), leer el código fuente del programa CGI, lista de directorios, y posiblemente ejecutar programas. • http://jvn.jp/jp/JVN%2399776858/index.html http://secunia.com/advisories/21690 http://secunia.com/advisories/22087 http://secunia.com/advisories/22114 http://secunia.com/advisories/22556 http://securitytracker.com/id?1016776 http://securitytracker.com/id?1016777 http://webmin.com/security.html http://www.debian.org/security/2006/dsa-1199 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/89_e.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:170 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-3392 – Webmin < 1.290 / Usermin < 1.220 - Arbitrary File Disclosure
https://notcve.org/view.php?id=CVE-2006-3392
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. Las aplicaciones Webmin antes de su versión 1.290 y Usermin antes de la 1.220 llaman a la función simplify_path antes de decodificar HTML, lo que permite a atacantes remotos leer ficheros arbitrarios, como se ha demostrado utilizando secuencias "..% 01", evitando de esta manera la supresión del nombre de fichero de las secuencias "../" anteriores a octetos del estilo de "%01". NOTA: Se trata de una vulnerabilidad diferente a CVE-2006-3274. • https://www.exploit-db.com/exploits/2017 https://www.exploit-db.com/exploits/1997 https://github.com/IvanGlinkin/CVE-2006-3392 https://github.com/MrEmpy/CVE-2006-3392 https://github.com/g1vi/CVE-2006-3392 https://github.com/Adel-kaka-dz/CVE-2006-3392 https://github.com/0xtz/CVE-2006-3392 https://github.com/kernel-cyber/CVE-2006-3392 http://attrition.org/pipermail/vim/2006-July/000923.html http://attrition.org/pipermail/vim/2006-June/000912.html http:/ •
CVE-2005-1177
https://notcve.org/view.php?id=CVE-2005-1177
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. • http://securitytracker.com/id?1013723 http://www.webmin.com/changes.html http://www.webmin.com/uchanges.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 •
CVE-2004-1468
https://notcve.org/view.php?id=CVE-2004-1468
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. • http://secunia.com/advisories/12488 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.securityfocus.com/bid/11122 https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 •
CVE-2004-0559
https://notcve.org/view.php?id=CVE-2004-0559
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elección durante la instalación mediante un ataque de enlaces simbólicos en el directorio /tmp/.usermin • http://secunia.com/advisories/12488 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://www.securityfocus.com/bid/11153 http://www.webmin.com/uchanges-1.089.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 •