Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin webmin vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2019-9624
Webmin 1.900 allows remote malicious users to execute arbitrary code by leveraging the "Java file manager" and "Upload and Download" privileges to upload a crafted .cgi file via the /updown/upload.cgi URI.
Webmin Webmin 1.900
6.8
CVSSv2
CVE-2015-2009
Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi service in IBM QRadar SIEM 7.1 before MR2 Patch 11 Interim Fix 02 and 7.2.x prior to 7.2.5 Patch 4 allows remote malicious users to hijack the authentication of arbitrary users for requests that insert XSS sequence...
Ibm Qradar Security Information And Event Manager 7.1.0
Ibm Qradar Security Information And Event Manager 7.2.5
Ibm Qradar Security Information And Event Manager
6.8
CVSSv2
CVE-2017-15645
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an malicious user to execute arbitrary commands.
Webmin Webmin
1 EDB exploit
6.8
CVSSv2
CVE-2014-3883
Usermin prior to 1.600 allows remote malicious users to execute arbitrary operating-system commands via unspecified vectors related to a user action.
Webmin Usermin 0.7
Webmin Usermin 1.560
Webmin Usermin 1.410
Webmin Usermin 1.170
Webmin Usermin 1.470
Webmin Usermin 0.910
Webmin Usermin 1.370
Webmin Usermin 1.300
Webmin Usermin 1.350
Webmin Usermin 1.570
Webmin Usermin 1.430
Webmin Usermin 1.260
Webmin Usermin 1.100
Webmin Usermin 1.230
Webmin Usermin 1.160
Webmin Usermin 0.4
Webmin Usermin 1.150
Webmin Usermin 1.540
Webmin Usermin 1.050
Webmin Usermin 1.130
Webmin Usermin 0.929
Webmin Usermin 0.990
6.8
CVSSv2
CVE-2012-4893
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and previous versions allow remote malicious users to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a di...
Gentoo Webmin 1.370
Gentoo Webmin 1.340
Gentoo Webmin 1.260
Gentoo Webmin 1.450
Gentoo Webmin 1.160
Gentoo Webmin 1.230
Gentoo Webmin 1.400
Gentoo Webmin 1.480
Gentoo Webmin 1.220
Gentoo Webmin 1.150
Gentoo Webmin 1.270
Gentoo Webmin 1.330
Gentoo Webmin 1.380
Gentoo Webmin 1.210
Gentoo Webmin 1.390
Gentoo Webmin 1.510
Gentoo Webmin 1.560
Gentoo Webmin 1.320
Gentoo Webmin
Gentoo Webmin 1.200
Gentoo Webmin 1.410
Gentoo Webmin 1.500
6.8
CVSSv2
CVE-2006-4542
Webmin prior to 1.296 and Usermin prior to 1.226 do not properly handle a URL with a null ("%00") character, which allows remote malicious users to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Webmin Webmin 1.2.50
Webmin Webmin 0.97
Usermin Usermin 0.91
Webmin Webmin 0.22
Webmin Webmin 0.99
Usermin Usermin 1.070
Webmin Webmin 1.0.20
Webmin Webmin 1.0.51
Webmin Webmin 0.7
Webmin Webmin 1.0.10
Usermin Usermin 1.040
Webmin Webmin 0.88
Usermin Usermin 0.9
Webmin Webmin 0.4
Usermin Usermin 1.060
Webmin Webmin 1.1.50
Webmin Webmin 1.0.60
Usermin Usermin 0.8
Usermin Usermin 1.080
Usermin Usermin 1.100
Webmin Webmin 1.1.00
Usermin Usermin 1.210
6.5
CVSSv2
CVE-2022-30708
Webmin up to and including 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly restrict the file parameter.
Webmin Webmin
6.5
CVSSv2
CVE-2019-15642
rpc.cgi in Webmin up to and including 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. NOTE: the Webmin_Servers_Index documentation states "RPC can be used to run any command or modify any file on a s...
Webmin Webmin
1 Github repository
6.5
CVSSv2
CVE-2012-2982
file/show.cgi in Webmin 1.590 and previous versions allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
Gentoo Webmin 1.370
Gentoo Webmin 1.340
Gentoo Webmin 1.260
Gentoo Webmin 1.450
Gentoo Webmin 1.160
Gentoo Webmin 1.230
Gentoo Webmin 1.400
Gentoo Webmin 1.480
Gentoo Webmin 1.220
Gentoo Webmin 1.150
Gentoo Webmin 1.270
Gentoo Webmin 1.330
Gentoo Webmin 1.380
Gentoo Webmin 1.210
Gentoo Webmin 1.390
Gentoo Webmin 1.510
Gentoo Webmin 1.560
Gentoo Webmin 1.320
Gentoo Webmin
Gentoo Webmin 1.200
Gentoo Webmin 1.410
Gentoo Webmin 1.500
1 EDB exploit
18 Github repositories
6.4
CVSSv2
CVE-2002-1947
Webmin 0.21 up to and including 1.0 uses the same built-in SSL key for all installations, which allows remote malicious users to eavesdrop or highjack the SSL session.
Webmin Webmin 0.97
Webmin Webmin 0.22
Webmin Webmin 0.99
Webmin Webmin 0.88
Webmin Webmin 0.96
Webmin Webmin 0.51
Webmin Webmin 0.93
Webmin Webmin 0.31
Webmin Webmin 0.42
Webmin Webmin 1.0.00
Webmin Webmin 0.92
Webmin Webmin 0.78
Webmin Webmin 0.21
Webmin Webmin 0.77
Webmin Webmin 0.85
Webmin Webmin 0.41
Webmin Webmin 0.95
Webmin Webmin 0.94
Webmin Webmin 0.79
Webmin Webmin 0.76
Webmin Webmin 0.91
Webmin Webmin 0.80
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »