Page 9 of 60 results (0.009 seconds)

CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0

miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). • http://archives.neohapsis.com/archives/bugtraq/2005-09/0257.html http://jvn.jp/jp/JVN%2340940493/index.html http://secunia.com/advisories/16858 http://secunia.com/advisories/17282 http://securityreason.com/securityalert/17 http://www.gentoo.org/security/en/glsa/glsa-200509-17.xml http://www.lac.co.jp/business/sns/intelligence/SNSadvisory_e/83_e.html http://www.mandriva.com/security/advisories?name=MDKSA-2005:176 http://www.novell.com/linux/security/advisories/2005_24_sr. •

CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. • http://securitytracker.com/id?1013723 http://www.webmin.com/changes.html http://www.webmin.com/uchanges.html https://exchange.xforce.ibmcloud.com/vulnerabilities/20607 •

CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0

The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password. Las compilaciones de Webmin anteriores a la versión 1.170-r3 en Gentoo Linux incluye la contraseña cifrada de root en el fichero miniserv.users cuando crea un tbz2 del paquete webmin, lo que permite a atacantes remotos obtener y posiblemente 'craquear' la contraseña cifrada. • http://bugs.gentoo.org/show_bug.cgi?id=77731 http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/19315 •

CVSS: 7.5EPSS: 1%CPEs: 22EXPL: 1

The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. • http://secunia.com/advisories/12488 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://www.lac.co.jp/security/csl/intelligence/SNSadvisory_e/77_e.html http://www.securityfocus.com/bid/11122 https://exchange.xforce.ibmcloud.com/vulnerabilities/17293 •

CVSS: 2.1EPSS: 0%CPEs: 28EXPL: 0

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. El script maketemp.pl en Usermin 1.070 y 1.080 permite a usuarios locales sobreescribir ficheros de su elección durante la instalación mediante un ataque de enlaces simbólicos en el directorio /tmp/.usermin • http://secunia.com/advisories/12488 http://www.gentoo.org/security/en/glsa/glsa-200409-15.xml http://www.securityfocus.com/bid/11153 http://www.webmin.com/uchanges-1.089.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17299 •