
CVSS: 5.0 | EPSS: 95% | CPEs: 2 | EXPL: 8

Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. • https://www.exploit-db.com/exploits/2017 https://www.exploit-db.com/exploits/1997 https://github.com/IvanGlinkin/CVE-2006-3392 https://github.com/MrEmpy/CVE-2006-3392 https://github.com/g1vi/CVE-2006-3392 https://github.com/Adel-kaka-dz/CVE-2006-3392 https://github.com/0xtz/CVE-2006-3392 https://github.com/kernel-cyber/CVE-2006-3392 http://attrition.org/pipermail/vim/2006-July/000923.html http://attrition.org/pipermail/vim/2006-June/000912.html http:/ •

CVSS: 10.0 | EPSS: 0% | CPEs: 60 | EXPL: 0

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. • http://securitytracker.com/id?1013723 http://www.webmin.com/changes.html http://www.webmin.com/uchanges.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 •

CVSS: 7.5 | EPSS: 1% | CPEs: 22 | EXPL: 1

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. • http://secunia.com/advisories/12488 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.securityfocus.com/bid/11122 https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 •

CVSS: 2.1 | EPSS: 0% | CPEs: 28 | EXPL: 0

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. • http://secunia.com/advisories/12488 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://www.securityfocus.com/bid/11153 http://www.webmin.com/uchanges-1.089.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 •