Showing 51 - 75 of 76

Files

Webmin 1.840 Cross Site Scripting
Posted Jul 3, 2017
Authored by Andy Tan

Webmin version 1.840 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-9313
SHA-256 | 79946720292e47f07df049f75813db652a8eb34758c01e099c3680a62e2fb2d5

Related Files

webmin.php.txt
Posted Jul 12, 2006
Authored by joffer | Site securitydot.net

Webmin / Usermin arbitrary file disclosure exploit for versions below 1.290.

tags | exploit, arbitrary
SHA-256 | 26df64b339f3c6e96203965593eddaf4e3dbfc84f8cc18992edf84b8f460390c

SNS-88.txt
Posted Jun 27, 2006
Authored by Keigo Yamazaki | Site lac.co.jp

Webmin versions 1.270 and below are susceptible to a directory traversal attack.

tags | advisory
SHA-256 | fa59e3fa0d86976493acec052efc7ea7a7449bd1611072cdf0f932ece26afa50

Secunia Security Advisory 20777
Posted Jun 25, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Webmin, which can be exploited by malicious people to disclose potentially sensitive information.

tags | advisory
SHA-256 | 7ac8dbf9d9ba10b133842c152357cee8639af043fb2eedae7ba7569db0b365ce

Gentoo Linux Security Advisory 200512-2
Posted Dec 14, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200512-02 - Jack Louis discovered that the Webmin and Usermin miniserv.pl web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl syslog facility in an unsafe manner. Versions less than 1.250 are affected.

tags | advisory, web, perl
systems | linux, gentoo
SHA-256 | ed5d825e7e8d12391f3c6b46803fa0bcaa2bbda2a4b5ada49efebd88c0517c14

Secunia Security Advisory 17942
Posted Dec 9, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for webmin and usermin. These fix a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, gentoo
SHA-256 | dbd79aeeca86ac47a0c965fb7e57f2ceb9c182457e4ed8c52235d755193bfe77

Secunia Security Advisory 17878
Posted Dec 7, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Mandriva has issued an update for webmin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
systems | linux, mandriva
SHA-256 | e372409546a8f823b8a7430ef3795ac0bf6ee819b26362dc47949a3c97125a94

Mandriva Linux Security Advisory 2005.223
Posted Dec 3, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory - Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

tags | advisory, remote, web, denial of service, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2005-3912
SHA-256 | 0fee6cfab26096bc7f6d51ca1fae2f550ceb001780b74a0358d40e8fb8ca3888

webminFormat.txt
Posted Dec 1, 2005
Site dyadsecurity.com

The Webmin miniserv.pl code suffers from a format string vulnerability.

tags | advisory
SHA-256 | 97ebba960f457a58ad0e761322199ad5c6c0a070121c559a0100561ad97b67fc

Secunia Security Advisory 17749
Posted Nov 30, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Jack Louis has discovered a vulnerability in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service).

tags | advisory, denial of service
SHA-256 | ca6b7947ce29da38dd256fa5d64059a6f9636922e5e0de30e8ba9a8c394eff17

Mandriva Linux Security Advisory 2005.176
Posted Oct 8, 2005
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Update Advisory - Miniserv.pl in Webmin 1.220, when the full PAM conversations option is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).

tags | advisory, remote, spoof
systems | linux, mandriva
advisories | CVE-2005-3042
SHA-256 | a2567dded228c5c8e1ec16208f680d5d1cc3614ecdb6712bdc01b2a5284525a6

Secunia Security Advisory 16940
Posted Sep 27, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for webmin/usermin. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
systems | linux, gentoo
SHA-256 | 394b4ad8cae876a557e5b8266937996ca933c19cc85b8101f8453ad7d5dc073d

Gentoo Linux Security Advisory 200509-17
Posted Sep 26, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200509-17 - Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process. The default configuration shipped with Gentoo does not enable the full PAM conversations option and is therefore unaffected by this flaw. Versions less than 1.230 are affected.

tags | advisory
systems | linux, gentoo
advisories | CVE-2005-3042
SHA-256 | a2b323a8185b1247befd647c72d00f474b4dae1d7389cfb354d32de11d1f3ec6

SNS Advisory 83
Posted Sep 23, 2005
Authored by Keigo Yamazaki, Little eArth Corporation | Site lac.co.jp

SNS Advisory 83 - A vulnerability that could result in session ID spoofing exists in miniserv.pl, which is a webserver program that is utilized by Webmin and Usermin. Webmin version 1.220 and Usermin version 1.150 are affected.

tags | advisory, spoof
SHA-256 | 4f1c462a6d055766252844ffc3c1e34389177f4019beef3335aa8c2152e47e35

Secunia Security Advisory 16858
Posted Sep 21, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to bypass certain security restrictions.

tags | advisory
SHA-256 | ada08c08dc129026e1244b4565f5f07ab911f7d28f7d765930ac945e40d9258d

Gentoo Linux Security Advisory 200502-12
Posted Feb 24, 2005
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200502-12 - Portage-built Webmin binary packages accidentally include a file containing the local encrypted root password. Versions below 1.170-r3 are affected.

tags | advisory, local, root
systems | linux, gentoo
SHA-256 | 085ac67e1cb18a58fc89e2940e8266a6aaca83d1be98543487ee3bf605e8bb78

bruteforce.webmin.txt
Posted Dec 31, 2004
Authored by Di42lo

Webmin remote bruteforce and command execution exploit.

tags | exploit, remote
SHA-256 | 3229899c7251d4cb48d3f0d390a3b186437248965268c2f3b262bba166cd6158

dsa-544.txt
Posted Sep 15, 2004
Authored by Debian | Site debian.org

Debian Security Advisory DSA 544-1 - Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.

tags | advisory, web
systems | linux, debian
advisories | CVE-2004-0559
SHA-256 | 32d5e9937c86c2a5376b2972a716596d1a060f62e55dd6228a751e0b859d7587

dsa526.txt
Posted Jul 3, 2004
Authored by Matt Zimmerman | Site debian.org

Debian Security Advisory DSA 526-1 - Two vulnerabilities in Webmin 1.140 allow remote attackers to bypass access control rules and to brute force IDs and passwords.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2004-0582, CVE-2004-0583
SHA-256 | 694a2ef6d53bed289850b8d6f2c1bb2f1bf3c36d715e32c5b082cee265bcc4e3

snsadv074.txt
Posted Jun 14, 2004
Authored by Keigo Yamazaki

Webmin version 1.140, a web-based system administration tool for Unix, has a vulnerability that allows users to gain read access to the configuration of a module without authentication.

tags | advisory, web
systems | unix
SHA-256 | 832e4e216b40d2258786e8d36c494b2dff9a4983cb87e9a3c826f970fdbdccea

Secunia Security Advisory 11794
Posted Jun 7, 2004
Authored by Secunia

Two vulnerabilities have been discovered in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions. Versions below 1.150 are susceptible.

tags | advisory, denial of service, vulnerability
SHA-256 | 067198d1eb3d8ddd04a140308403e559a75e154dfdb65a832a574c846be43656

idefense.webmin.txt
Posted Aug 29, 2002
Authored by Noam Rathaus | Site idefense.com

iDEFENSE Security Advisory 08.28.2002 - Webmin v0.92 and below contains remote vulnerabilities which allow any file to be read from or written to as root. Perl exploit code included.

tags | exploit, remote, root, perl, vulnerability
SHA-256 | af31beb487c3d22656202899a2265acf6154205773815b6ae81b751d5177ca36

FreeBSD-SN-02:03
Posted Jun 3, 2002
Site freebsd.org

The following FreeBSD ports prior to the listed version have security vulnerabilities: amanda-2.3.0.4, fetchmail-5.9.11, gaim-0.58, gnokii-0.4.0.p20, horde-1.2.8, imap-uw (not fixed), imp-2.2.8, linux-netscape 6.2.3, mnogosearch-3.1.19_2, mpg321-0.2.9, ssh2 password auth issue, tinyproxy-1.5.0, and webmin-0.970.

tags | vulnerability, imap
systems | linux, freebsd
SHA-256 | 573f30008a2e7144a46d4b6e77775ec38d8ffa94127935a00f2ec8c7e36ebf0e

MDKSA-2002:033
Posted May 24, 2002
Authored by Mandrake Linux Security Team | Site mandrakesecure.net

Mandrake Security Advisory MDKSA-2002:033 - A vulnerability found in all versions of Webmin prior to v0.970 allows remote users to login to Webmin as any user. The affected Mandrake versions are 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 and Single Network Firewall 7.2.

tags | remote
systems | linux, mandrake
SHA-256 | 7b53ede13b33631621686fe27cf7981287d076bdaa27520dcebdca3a089ccfac

iss.summary.6.3
Posted Feb 14, 2001
Site xforce.iss.net

ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, 
win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.

tags | remote, web, arbitrary, cgi, php, vulnerability
systems | cisco, linux, windows, solaris, suse
SHA-256 | cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc

ipchains-0.78.5.wbm
Posted Mar 22, 2000
Authored by Tim Niemueller | Site niemueller.de

The IPchains firewall module for Webmin lets you graphically create ipchains firewall scripts. Nearly all of the IPchains options are supported.

tags | tool, firewall
systems | linux
SHA-256 | ae4bb69f61ef7a4900aa72ae25b1506b4304ade7bfaf5099538b9ceafd4d7e4b

© 2022 Packet Storm. All rights reserved.