Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webmin vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-40982
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.
Webmin Webmin 2.100
NA
CVE-2023-40983
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows malicious users to execute malicious scripts via injecting a crafted payload into the Find in Results file.
Webmin Webmin 2.100
NA
CVE-2023-40984
A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows malicious users to execute malicious scripts via injecting a crafted payload into the Replace in Results file.
Webmin Webmin 2.100
NA
CVE-2023-40985
An issue exists in Webmin 2.100. The File Manager functionality allows an malicious user to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's ...
Webmin Webmin 2.100
NA
CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows malicious users to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.
Webmin Webmin 2.100
NA
CVE-2023-41163
A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote malicious users to inject arbitrary web script or HTML via the replace in results field while replacing the results under the tools drop down.
Webmin Webmin 2.000
10
CVSSv2
CVE-2001-1196
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows malicious users to gain privileges via a '..' (dot dot) in the argument.
Webmin Webmin 0.91
1 EDB exploit
5
CVSSv2
CVE-2006-3392
Webmin prior to 1.290 and Usermin prior to 1.220 calls the simplify_path function before decoding HTML, which allows remote malicious users to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before byt...
Webmin Webmin
Usermin Usermin
2 EDB exploits
2 Nmap scripts
7 Github repositories
7.5
CVSSv2
CVE-2005-3042
miniserv.pl in Webmin prior to 1.230 and Usermin prior to 1.160, when "full PAM conversations" is enabled, allows remote malicious users to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
Webmin Webmin 1.2.20
Usermin Usermin 1.150
7.5
CVSSv2
CVE-2005-3912
Format string vulnerability in miniserv.pl Perl web server in Webmin prior to 1.250 and Usermin prior to 1.180, with syslog logging enabled, allows remote malicious users to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format str...
Webmin Webmin
Debian Debian Linux 3.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »