Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-3042
miniserv.pl in Webmin prior to 1.230 and Usermin prior to 1.160, when "full PAM conversations" is enabled, allows remote malicious users to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Usermin Usermin 1.150
Webmin Webmin 1.2.20
NA
CVE-2009-4457
Multiple unspecified vulnerabilities in the Vsftpd Webmin module prior to 1.3b for the Vsftpd server have unknown impact and attack vectors related to "Some security issues."
Provider4u Vsftpd Webmin Module 1.2a
Provider4u Vsftpd Webmin Module
NA
CVE-2004-0583
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote malicious users to conduct a brute force attack to guess user IDs and passwords.
Usermin Usermin 1.070
Webmin Webmin 1.1.40
Debian Debian Linux 3.0
6.1
CVSSv3
CVE-2016-4897
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin prior to 1.690.
Webmin Usermin
8.8
CVSSv3
CVE-2022-35132
Usermin up to and including 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module.
Webmin Usermin
1 Github repository
5.4
CVSSv3
CVE-2023-41156
A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote malicious users to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.
Webmin Usermin 2.001
5.4
CVSSv3
CVE-2023-41158
A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote malicious users to inject arbitrary web script or HTML via the description field while creating a new MIME type program.
Webmin Usermin 2.000
5.4
CVSSv3
CVE-2023-41160
A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote malicious users to inject arbitrary web script or HTML via the key name field while adding an authorized key.
Webmin Usermin 2.001
5.4
CVSSv3
CVE-2023-41161
Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote malicious users to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key ser...
Webmin Usermin 2.000
6.1
CVSSv3
CVE-2023-41162
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote malicious users to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.
Webmin Usermin 2.000
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2018-25103
CVE-2024-36279
CVE-2024-38457
elevation of privilege
CVE-2024-27801
CVE-2024-30103
NULL pointer dereference
CVE-2024-6057
XML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
5
6
7
8
9
10
NEXT »