Page 8 of 41 results (0.006 seconds)

CVSS: 5.0EPSS: 1%CPEs: 5EXPL: 0

Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. Vulnerabilidad de salto de directorio en versiones de Webmin anteriores a la v1.280, cuando se ejecuta en Windows, permite a atacantes remotos leer ficheros arbitrarios a través del carácter \ (barra invertida) en la URL a determinados directorios bajo la raíz Web, tales como el directorio de imagenes. • http://jvn.jp/jp/JVN%2367974490/index.html http://secunia.com/advisories/20777 http://securityreason.com/securityalert/1161 http://securitytracker.com/id?1016375 http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/88_e.html http://www.securityfocus.com/archive/1/438149/100/0/threaded http://www.securityfocus.com/bid/18613 http://www.vupen.com/english/advisories/2006/2493 http://www.webmin.com/changes.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27366 •

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. • http://securitytracker.com/id?1013723 http://www.webmin.com/changes.html http://www.webmin.com/uchanges.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 •

CVSS: 3.6EPSS: 0%CPEs: 25EXPL: 2

The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. • https://www.exploit-db.com/exploits/21348 http://online.securityfocus.com/archive/1/263181 http://www.securityfocus.com/bid/4329 https://exchange.xforce.ibmcloud.com/vulnerabilities/8596 •

CVSS: 6.4EPSS: 0%CPEs: 23EXPL: 0

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc http://www.iss.net/security_center/static/10381.php http://www.securityfocus.com/bid/5936 http://www.webmin.com/changes.html •

CVSS: 9.3EPSS: 4%CPEs: 22EXPL: 2

The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. • https://www.exploit-db.com/exploits/21765 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-08/0403.html http://www.iss.net/security_center/static/9983.php http://www.securiteam.com/unixfocus/5CP0R1P80G.html http://www.securityfocus.com/bid/5591 • CWE-264: Permissions, Privileges, and Access Controls •