Webmin version 1.840 suffers from a cross site scripting vulnerability.
79946720292e47f07df049f75813db652a8eb34758c01e099c3680a62e2fb2d5
Webmin version 1.984 authenticated remote code execution exploit.
7286890f523f72cddacdb1075dae1a9d259f00e38f0108409ebfb8be0654690a
Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.
8a316a9307c0d4b3b8fa1f3bb02ab7e2a5d250b7b981658538c23e171ca98d24
Webmin version 1.973 suffers from a cross site request forgery vulnerability.
6584fbea56cb36aed6cf20c070f41684482266289815df1aa41748fc786befa2
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.
0b9d3eed2396c63f8c369c41bb33853aea8748348ce034096856277e638001d6
Webmin version 1.920 remote code execution exploit that leverages the vulnerability noted in CVE-2019-15107.
233192a3d19175ea1314a59b24a433a47278e7d0fd3f5a72f4fdeb8334763b0e
This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialise_variable() located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session id.
a204c6065da489d3ae9470a7346273b6cabd6fe1e769d74907481d037f95676d
Webmin version 1.890 (based on 1.920 research) expired remote root exploit.
a6a036a769a8e7b287b106998aecc0d0606fab73f1bcd56db60804eebb9820a9
This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.
a77b36da3b341bc12695770cadbf155d839a3d53526172e82c4c2022be857299
Webmin version 1.920 remote root exploit.
24da0743c530b7cde50344fe79a0f147dea9975a51294a92407b1d5fe39f2f39
Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.
971076293bd447b89480caa6102ab463befa5dda10bc69b8d76aee1339d399d8
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.920 and below. If the password change module is turned on, an unauthenticated user can execute arbitrary commands with root privileges.
ec772fb6a45fb88e2351faaab0600ee20a86b66126a1ccf91608cd56b9347361
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.910 and lower versions. Any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges.
caa352f2bdb2cd2ebe21355770a606a5756d88a75639e90b6ef5f0792ec9e235
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.
cb30da254f071764bf5594bfe148a729f959e85798593b2141d4d5c66b873f67
This Metasploit module exploits an arbitrary command execution vulnerability in Usermin 1.750 and lower versions. This vulnerability has the same characteristics as the Webmin 1.900 RCE.
505ea2f8624f6e3310d6adcbed739f255d5848596538d08bca4e2634ea2ba8d5
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized in order to discover the directory to upload to. A vulnerable file can be written over the original files of the Webmin application. The vulnerable file being uploaded should be integrated with the application, so a ".cgi" file with the vulnerability that belongs to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.
220bdda523afcc7f1ded8735ea03ed18dad447ecbc6744a6c32035e4ce3c5dfe
Webmin version 1.890 suffers from a cross site scripting vulnerability.
df2769aae251744c88a9aba69305e69dc2d69864c7abbbafb511aad1671db2e9
Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.
d11573ef8f901da4b1c7a343b9844592c00e8cb689d9d4a889cdc4549e895f61
Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by untrusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap Perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version, which is not vulnerable to these issues.
27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841
Webmin version 1.670 suffers from a cross site scripting vulnerability.
7d18e9a92a225522958af02a7a14f6ae3ea0e0a8e5b98324a3cf3c5c316a8e4b
Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Webmin included in Solaris, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose certain sensitive information.
4879e214288243526ad0fbf2e271bba64c6a5c86804c24350d24547a527be56d
Secunia Security Advisory - A vulnerability has been reported in Webmin, which can be exploited by malicious people to conduct cross-site scripting attacks.
f4d5e6cfc597565ad9ac0d304681294c14d9ba77cca4ebda069dbd0e2c3a68fc
This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user with access to the File Manager Module to execute arbitrary commands with root privileges. The module has been tested successfully with Webmin 1.580 over Ubuntu 10.04.
d7e27005cef2dea975ee0263e61102bda3d07c173825124a4099ef2ae10c8605
Secunia Security Advisory - Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose certain sensitive information.
a3bc839370d27d6268ff958da0b2f456823580fdc1aae6756a439c3d22b1ea08
Mandriva Linux Security Advisory 2011-109 - Cross-site scripting vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real field, related to useradmin/index.cgi and useradmin/user-lib.pl.
2979eb987feab5a10d626a2c9dbdabfa61d8ecc1f406797392b89e4358d17f2d
Webmin versions 1.540 and below suffer from a cross site scripting vulnerability that allows for remote command execution.
79ce7134a3ef970d8a21e29d564f22919b1a69160445b954a449d17e00f80f9d