CVE-2020-35606

Published: 21/12/2020 Updated: 21/07/2021
CVSS v2 Base Score: 9 | Impact Score: 10 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Vulnerability Summary

Arbitrary command execution can occur in Webmin up to and including 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840.

Vulnerable Product

webmin webmin

Mailing Lists

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840 ...

Github Repositories

vulfocus-py Chinese document Vulfocus API Vulfocus API is the RESTful API interface provided by Vulfocus for development, allowing developers to integrate Vulfocus in their own projects. Vulfocus SDK The Python version of the SDK, written based on the Vulfocus API, makes it easy for Python developers to quickly integrate Vulfocus into their projects. Install pip install vulfocus USE

vulfocus-spring-boot-starter Chinese document Vulfocus API Vulfocus API is the RESTful API interface provided by Vulfocus for development, allowing developers to integrate Vulfocus in their own projects. Vulfocus SDK The Spring Boot version of the SDK, written based on the Vulfocus API, makes it easy for Spring Boot developers to quickly integrate Vulfocus into their projects. Add d

vulfocus-java Chinese document Vulfocus API Vulfocus API is the RESTful API interface provided by Vulfocus for development, allowing developers to integrate Vulfocus in their own projects. Vulfocus SDK The Java version of the SDK, written based on the Vulfocus API, makes it easy for Java developers to quickly integrate Vulfocus into their projects. Add dependency Apache Maven &l

Webmin Exploit Scanner CVE-2020-35606 CVE-2019-12840

Webminscan Webmin Exploit Scanner CVE-2020-35606 CVE-2019-12840

A record of PoCs/exploits written during vulnerability reproduction and research

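Poc-Exp A record of PoCs/exploits written during vulnerability reproduction and research # PoC framework pocsuite3 Apache Flink cve-2020-17518 (Apache Flink directory traversal/file write vulnerability - Upload) 2021-01-06 cve-2020-17519 (Apache Flink directory traversal/file read vulnerability - jobmanager/logs) 2021-01-06 Citrix cve-2020-8209 (Citrix XenMobile directory traversal/arbitrary file read vulnerability) Confluence cve-2019-3396(Atla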

This project will, from time to time, publicly release some of the latest vulnerabilities from the Edge community.

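Vulnerability In memory of what we have always loved. All who come are friends; those who leave are not held back. © Edge Security Team Anchor CMS 0127 cross-site request forgery (CVE-2020-23342) Apache Kylin API unauthorized access vulnerability (CVE-2020-13937) Apache NiFi API remote code execution (RCE) Bypass for Microsoft Exchange remote code execution CVE-2020-16875 CISCO ASA arbitrary file read vulnerability (CVE-2020-3452) CNVD-20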

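Vulnerability In memory of what we have always loved. All who come are friends; those who leave are not held back. © Edge Security Team Most of the vulnerabilities in this project were collected from the internet (most credit the original author's link; if there is any infringement, please contact us for removal, thank you), and some of them have been reproduced. If you cite this material, please credit the original author's link given in the article, thank you!!! Disclaimer: the materials\FOFA search syntax\POC\EXP published by this project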

A compilation of all security news published to the Alpha Lab WeChat official account in 2020

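You are welcome to follow the Alpha Lab WeChat official account 20201231 [Vulnerability] The 10 most critical CVEs added in 2020 blogdetectifycom/2020/12/30/top-10-critical-cves-added-in-2020/ UAF vulnerability in Chromium RawClipboardHostImpl bugschromiumorg/p/chromium/issues/detail?id=1101509 [Tool] Sarenka: an OSINT tool that gathers data from services such as shodan and censys in one place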

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-


PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-80 Android-81 Android-9 Android-10Android