Page 3 of 16 results (0.012 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A cross-site request forgery (CSRF) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. Se presenta una vulnerabilidad de tipo cross-site request forgery (CSRF) en Webmin versión 1.973, por medio de la funcionalidad Scheduled Cron Jobs • https://github.com/Mesh3l911/CVE-2021-32156 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2

Improper Authorization in GitHub repository webmin/webmin prior to 1.990. Una Autorización Inapropiada en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://github.com/webmin/webmin/commit/eeeea3c097f5cc473770119f7ac61f1dcfa671b9 https://huntr.dev/bounties/f2d0389f-d7d1-4f34-9f9d-268b0a0da05e https://notes.netbytesec.com/2022/03/webmin-broken-access-control-to-post-auth-rce.html • CWE-285: Improper Authorization CWE-863: Incorrect Authorization •

CVSS: 9.0EPSS: 97%CPEs: 1EXPL: 8

Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. Un Control de Acceso Inapropiado para una Ejecución de Código Remota en el repositorio de GitHub webmin/webmin versiones anteriores a 1.990 • https://www.exploit-db.com/exploits/50809 https://github.com/faisalfs10x/Webmin-CVE-2022-0824-revshell https://github.com/pizza-power/golang-webmin-CVE-2022-0824-revshell https://github.com/honypot/CVE-2022-0824 http://packetstormsecurity.com/files/166240/Webmin-1.984-Remote-Code-Execution.html http://packetstormsecurity.com/files/169700/Webmin-1.984-File-Manager-Remote-Code-Execution.html https://github.com/webmin/webmin/commit/39ea464f0c40b325decd6a5bfb7833fa4a142e38 https://huntr.dev/bounties/d0049a96-de • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 5

Webmin 1.973 is affected by Cross Site Request Forgery (CSRF) to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature. Webmin versión 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Request Forgery (CSRF) para crear un usuario privilegiado mediante la funcionalidad Webmin's add users, y luego obtener un shell inverso mediante la funcionalidad Webmin's running process Webmin version 1.973 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/50126 https://github.com/electronicbots/CVE-2021-31762 https://github.com/Mesh3l911/CVE-2021-31762 http://packetstormsecurity.com/files/163492/Webmin-1.973-Cross-Site-Request-Forgery.html https://github.com/webmin/webmin https://youtu.be/qCvEXwyaF5U • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.6EPSS: 95%CPEs: 1EXPL: 5

Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. Webmin versión 1.973, esta afectado por una vulnerabilidad de tipo Cross Site Scripting (XSS) reflejado para lograr una ejecución de comandos remota por medio de la funcionalidad Webmin's running process • https://www.exploit-db.com/exploits/50144 https://github.com/electronicbots/CVE-2021-31761 https://github.com/Mesh3l911/CVE-2021-31761 http://packetstormsecurity.com/files/163559/Webmin-1.973-Cross-Site-Request-Forgery.html https://github.com/webmin/webmin https://youtu.be/23VvUMu-28c • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •