Webmin version 1.840 suffers from a cross-site scripting vulnerability.
79946720292e47f07df049f75813db652a8eb34758c01e099c3680a62e2fb2d5
Webmin / Usermin arbitrary file disclosure exploit for versions below 1.290.
26df64b339f3c6e96203965593eddaf4e3dbfc84f8cc18992edf84b8f460390c
Webmin versions 1.270 and below are susceptible to a directory traversal attack.
fa59e3fa0d86976493acec052efc7ea7a7449bd1611072cdf0f932ece26afa50
Secunia Security Advisory - A vulnerability has been reported in Webmin, which can be exploited by malicious people to disclose potentially sensitive information.
7ac8dbf9d9ba10b133842c152357cee8639af043fb2eedae7ba7569db0b365ce
Gentoo Linux Security Advisory GLSA 200512-02 - Jack Louis discovered that the Webmin and Usermin miniserv.pl web server component is vulnerable to a Perl format string vulnerability. Login with the supplied username is logged via the Perl syslog facility in an unsafe manner. Versions less than 1.250 are affected.
ed5d825e7e8d12391f3c6b46803fa0bcaa2bbda2a4b5ada49efebd88c0517c14
Secunia Security Advisory - Gentoo has issued an update for webmin and usermin. These fix a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
dbd79aeeca86ac47a0c965fb7e57f2ceb9c182457e4ed8c52235d755193bfe77
Secunia Security Advisory - Mandriva has issued an update for webmin. This fixes a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).
e372409546a8f823b8a7430ef3795ac0bf6ee819b26362dc47949a3c97125a94
Mandriva Linux Security Advisory - Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.
0fee6cfab26096bc7f6d51ca1fae2f550ceb001780b74a0358d40e8fb8ca3888
The Webmin miniserv.pl code suffers from a format string vulnerability.
97ebba960f457a58ad0e761322199ad5c6c0a070121c559a0100561ad97b67fc
Secunia Security Advisory - Jack Louis has discovered a vulnerability in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service).
ca6b7947ce29da38dd256fa5d64059a6f9636922e5e0de30e8ba9a8c394eff17
Mandriva Linux Security Update Advisory - Miniserv.pl in Webmin 1.220, when the full PAM conversations option is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return).
a2567dded228c5c8e1ec16208f680d5d1cc3614ecdb6712bdc01b2a5284525a6
Secunia Security Advisory - Gentoo has issued an update for webmin/usermin. This fixes a vulnerability, which can be exploited by malicious people to bypass certain security restrictions.
394b4ad8cae876a557e5b8266937996ca933c19cc85b8101f8453ad7d5dc073d
Gentoo Linux Security Advisory GLSA 200509-17 - Keigo Yamazaki discovered that the miniserv.pl webserver, used in both Webmin and Usermin, does not properly validate authentication credentials before sending them to the PAM (Pluggable Authentication Modules) authentication process. The default configuration shipped with Gentoo does not enable the full PAM conversations option and is therefore unaffected by this flaw. Versions less than 1.230 are affected.
a2b323a8185b1247befd647c72d00f474b4dae1d7389cfb354d32de11d1f3ec6
SNS Advisory 83 - A vulnerability that could result in session ID spoofing exists in miniserv.pl, which is a webserver program that is utilized by Webmin and Usermin. Webmin version 1.220 and Usermin version 1.150 are affected.
4f1c462a6d055766252844ffc3c1e34389177f4019beef3335aa8c2152e47e35
Secunia Security Advisory - A vulnerability has been reported in Webmin and Usermin, which can be exploited by malicious people to bypass certain security restrictions.
ada08c08dc129026e1244b4565f5f07ab911f7d28f7d765930ac945e40d9258d
Gentoo Linux Security Advisory GLSA 200502-12 - Portage-built Webmin binary packages accidentally include a file containing the local encrypted root password. Versions below 1.170-r3 are affected.
085ac67e1cb18a58fc89e2940e8266a6aaca83d1be98543487ee3bf605e8bb78
Webmin remote bruteforce and command execution exploit.
3229899c7251d4cb48d3f0d390a3b186437248965268c2f3b262bba166cd6158
Debian Security Advisory DSA 544-1 - Ludwig Nussel discovered a problem in webmin, a web-based administration toolkit. A temporary directory was used but without checking for the previous owner. This could allow an attacker to create the directory and place dangerous symbolic links inside.
32d5e9937c86c2a5376b2972a716596d1a060f62e55dd6228a751e0b859d7587
Debian Security Advisory DSA 526-1 - Two vulnerabilities in Webmin 1.140 allow remote attackers to bypass access control rules and to brute force IDs and passwords.
694a2ef6d53bed289850b8d6f2c1bb2f1bf3c36d715e32c5b082cee265bcc4e3
Webmin version 1.140, a web-based system administration tool for Unix, has a vulnerability that allows users to gain read access to the configuration of a module without authentication.
832e4e216b40d2258786e8d36c494b2dff9a4983cb87e9a3c826f970fdbdccea
Two vulnerabilities have been discovered in Webmin, which can be exploited by malicious people to cause a DoS (Denial of Service) or bypass certain security restrictions. Versions below 1.150 are susceptible.
067198d1eb3d8ddd04a140308403e559a75e154dfdb65a832a574c846be43656
iDEFENSE Security Advisory 08.28.2002 - Webmin v0.92 and below contains remote vulnerabilities which allow any file to be read from or written to as root. Perl exploit code included.
af31beb487c3d22656202899a2265acf6154205773815b6ae81b751d5177ca36
The following FreeBSD ports prior to the listed version have security vulnerabilities: amanda-2.3.0.4, fetchmail-5.9.11, gaim-0.58, gnokii-0.4.0.p20, horde-1.2.8, imap-uw (not fixed), imp-2.2.8, linux-netscape 6.2.3, mnogosearch-3.1.19_2, mpg321-0.2.9, ssh2 password auth issue, tinyproxy-1.5.0, and webmin-0.970.
573f30008a2e7144a46d4b6e77775ec38d8ffa94127935a00f2ec8c7e36ebf0e
Mandrake Security Advisory MDKSA-2002:033 - A vulnerability found in all versions of Webmin prior to v0.970 allows remote users to login to Webmin as any user. The affected Mandrake versions are 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1 and Single Network Firewall 7.2.
7b53ede13b33631621686fe27cf7981287d076bdaa27520dcebdca3a089ccfac
ISS Security Alert Summary for February 6, 2001 - Volume 6 Number 3. 120 new vulnerabilities were reported this month. This document has links to more information and full advisories on each. Includes: win2k-rdp-dos, cisco-ccs-file-access, quicktime-embedded-tag-bo, solaris-ximp40-bo, cisco-ccs-cli-dos, slimserve-httpd-dos, crazywwwboard-qdecoder-bo, virusbuster-mua-bo, iis-isapi-obtain-code, bind-inverse-query-disclosure, hp-man-dos, sort-temp-file-abort, bind-complain-format-string, bind-complain-bo, winvnc-client-bo, winvnc-server-bo, guestserver-cgi-execute-commands, bind-tsig-bo, hyperseek-cgi-reveal-info, newsdaemon-gain-admin-access, mars-nwe-format-string, mars-nwe-format-string, planetintra-pi-bo, borderware-ping-dos, aol-malformed-url-dos, mirc-bypass-password, netscape-enterprise-revlog-dos, aim-execute-code, netscape-enterprise-list-directories, winnt-mutex-dos, jrun-webinf-file-retrieval, ipfw-bypass-firewall, netopia-telnet-dos, wuftp-debug-format-string, kde2-kdesu-retrieve-passwords, easycom-safecom-url-bo, easycom-safecom-printguide-dos, easycom-safecom-ftp-dos, vnc-weak-authentication, lotus-domino-smtp-bo, linux-sash-shadow-readable, powerpoint-execute-code, icecast-format-string, oracle-handlers-directory-traversal, oracle-handlers-execute-jsp, netscape-enterprise-dot-dos, goodtech-ftp-dos, netscape-fasttrack-cache-dos, eeye-iris-dos, watchguard-firebox-obtain-passphrase, fastream-ftp-server-dos, fastream-ftp-path-disclosure, localweb2k-directory-traversal, win2k-efs-recover-data, linux-bing-bo, micq-sprintf-remote-bo, mysql-select-bo, shoutcast-description-bo, fw1-limited-license-dos, fw1-limited-license-dos, hp-stm-dos, linux-webmin-tmpfiles, tinyproxy-remote-bo, postaci-sql-command-injection, wwwwais-cgi-dos, mime-header-attachment, ssh-rpc-private-key, linux-glibc-preload-overwrite, inn-tmpfile-symlink, interscan-viruswall-insecure-password, interscan-viruswall-weak-authentication, ie-mshtml-dos, dhcp-format-string, 
win-mediaplayer-arbitrary-code, veritas-backupexec-dos, interscan-viruswall-symlink, omnihttpd-statsconfig-corrupt-files, omnihttpd-statsconfig-execute-code, icmp-pmtu-dos, icmp-pmtu-dos, splitvt-perserc-format-string, splitvt-perserc-format-string, flash-module-bo, rctab-elevate-privileges, ultraboard-cgi-perm, compaq-web-management-bo, php-htaccess-unauth-access, basilix-webmail-retrieve-files, solaris-arp-bo, php-view-source-code, wec-ntlm-authentication, spamcop-url-seq-predict, linux-wuftpd-privatepw-symlink, rdist-symlink, squid-email-symlink, linux-diffutils-sdiff-symlimk, tcpdump-arpwatch-symlink, linuxconf-vpop3d-symlink, shadow-utils-useradd-symlink, linux-glibc-read-files, gettyps-symlink, linux-gpm-symlink, linux-mgetty-symlink, linux-apache-symlink, linux-inn-symlink, conferenceroom-developer-dos, oracle-xsql-execute-code, netscreen-webui-bo, suse-reiserfs-long-filenames, interbase-backdoor-account, interbase-hidden-function-dos, brickserver-thttpd-dos, solaris-exrecover-bo, hp-inetd-swait-dos, microsoft-iis-read-files, ibm-websphere-dos, storagesoft-imagecast-dos, nai-pgp-replace-keys, http-cgi-bbs-forum, lotus-domino-directory-traversal, http-cgi-fastgraf, newsdesk-cgi-read-files, gtk-module-execute-code, and linux-tty-writable-dos.
cea13d6f0d4961c09e9e991e92cd2eb1b0f12363f3f1a83a83696b1ee0d06ccc
The IPchains firewall module for Webmin lets you graphically create ipchains firewall scripts. Nearly all of the IPchains options are supported.
ae4bb69f61ef7a4900aa72ae25b1506b4304ade7bfaf5099538b9ceafd4d7e4b