Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin webmin vulnerabilities and exploits
(subscribe to this query)
383
VMScore
CVE-2022-36880
The Read Mail module in Webmin 1.995 and Usermin up to and including 1.850 allows XSS via a crafted HTML e-mail message.
Webmin Usermin
Webmin Webmin 1.995
1 Github repository
NA
CVE-2023-41155
A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote malicious users to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.
Webmin Webmin 2.000
Webmin Usermin 2.000
445
VMScore
CVE-2005-0427
The ebuild of Webmin prior to 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote malicious users to obtain and possibly crack the encrypted password.
Gentoo Webmin 1.160
Gentoo Webmin 1.150
Gentoo Webmin 1.140
Gentoo Webmin 1.170
801
VMScore
CVE-2007-5066
Unspecified vulnerability in Webmin prior to 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
Webmin Webmin
802
VMScore
CVE-2020-35606
Arbitrary command execution can occur in Webmin up to and including 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-1...
Webmin Webmin
4 Github repositories
NA
CVE-2022-36446
software/apt-lib.pl in Webmin prior to 1.997 lacks HTML escaping for a UI command.
Webmin Webmin
4 Github repositories
312
VMScore
CVE-2020-8820
An XSS Vulnerability exists in Webmin 1.941 and previous versions affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and ex...
Webmin Webmin
312
VMScore
CVE-2020-8821
An Improper Data Validation Vulnerability exists in Webmin 1.941 and previous versions affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rende...
Webmin Webmin
685
VMScore
CVE-2017-15645
CSRF exists in Webmin 1.850. By sending a GET request to at/create_job.cgi containing dir=/&cmd= in the URI, an malicious user to execute arbitrary commands.
Webmin Webmin
1 EDB exploit
435
VMScore
CVE-2017-15646
Webmin prior to 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file downloa...
Webmin Webmin
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »