Search Results (Refine Search)
- CPE Product Version: cpe:/a:webmin:webmin:0.990
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-1377 |
The Read Mail module in Webmin 1.720 allows local users to read arbitrary files via a symlink attack on an unspecified file. Published: February 10, 2015; 3:59:03 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2014-3886 |
Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. Published: July 20, 2014; 7:12:50 AM -0400 |
V3.x:(not available) V2.0: 2.6 LOW |
CVE-2014-3885 |
Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. Published: July 20, 2014; 7:12:50 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-3924 |
Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. Published: May 30, 2014; 10:55:09 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2014-0339 |
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Published: March 16, 2014; 10:06:45 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-1937 |
Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real (aka Full Name) field, related to useradmin/index.cgi and useradmin/user-lib.pl. Published: May 31, 2011; 4:55:05 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2009-4568 |
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: January 05, 2010; 2:00:00 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2007-5066 |
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL. Published: September 24, 2007; 7:17:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-3156 |
Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi in Webmin before 1.350 and Usermin before 1.280 allow remote attackers to inject arbitrary web script or HTML via the (1) cid, (2) message, or (3) question parameter. NOTE: some of these details are obtained from third party information. Published: June 11, 2007; 6:30:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2006-4542 |
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. Published: September 05, 2006; 7:04:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2006-3392 |
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274. Published: July 06, 2006; 4:05:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2006-3274 |
Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. Published: June 28, 2006; 6:05:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-2360 |
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. Published: December 31, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |