exploit the possibilities
Showing 1 - 25 of 73 RSS Feed

Files

Webmin 1.920 password_change.cgi Backdoor
Posted Aug 23, 2019
Authored by wvu | Site metasploit.com

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

tags | exploit, perl
advisories | CVE-2019-15107
MD5 | a2360d86ccb3b9b45e1315630a785649

Related Files

Webmin 1.973 Cross Site Request Forgery
Posted Jul 20, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.

tags | exploit, shell, csrf
advisories | CVE-2021-31761
MD5 | 64d50ff2e6b23cb13a822ba9d9b79c96
Webmin 1.973 Cross Site Request Forgery
Posted Jul 14, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2021-31762
MD5 | 0fda878b90a012ca2ea1c4d01fc82f40
Webmin 1.962 Remote Command Execution
Posted Dec 22, 2020
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. It emerged by circumventing the measure taken for CVE-2019-12840.

tags | exploit, arbitrary, root
advisories | CVE-2020-35606
MD5 | 1767f5a7206b64ec8a9e4250627f1ee3
Webmin 1.920 Remote Code Execution
Posted Sep 15, 2019
Authored by BoSSaLiNiE

Webmin version 1.920 remote code execution exploit that leverages the vulnerability noted in CVE-2019-15107.

tags | exploit, remote, code execution
advisories | CVE-2019-15107
MD5 | 4a84bafb5f4c4384a734db4fa8f37fb5
Webmin 1.920 rpc.cgi Remote Root
Posted Sep 2, 2019
Authored by James Bercegay

This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialise_variable() located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session id.

tags | exploit, web, root, code execution
MD5 | 9b40217c08dc2d6705f88bb1dcdc409b
Webmin 1.890 expired Remote Root
Posted Aug 26, 2019
Authored by Todor Donev

Webmin version 1.890 (based on 1.920 research) expired remote root exploit.

tags | exploit, remote, root
MD5 | 14db19fcdc101c50752dd87ae918f431
Webmin 1.920 Remote Root
Posted Aug 20, 2019
Authored by Todor Donev

Webmin version 1.920 remote root exploit.

tags | exploit, remote, root
MD5 | e3174202504ae321de08a1dd89c21438
Webmin 1.920 Remote Command Execution
Posted Aug 19, 2019
Authored by Zerial

Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.

tags | exploit, remote
advisories | CVE-2019-15107
MD5 | d3f8ab6c772881a15aae824b15be9760
Webmin 1.920 Remote Code Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.920 and below. If the password change module is turned on, the unauthenticated user can execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
MD5 | 01e03118e8b62b1a70c30e6db9eba033
Webmin 1.910 Remote Command Execution
Posted Jun 11, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.910 and lower versions. Any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
advisories | CVE-2019-12840
MD5 | 62bb9d48243074806f35253effd25769
Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
MD5 | 3ba74c7641d287a5a1d6cee6bdb0eff5
Usermin 1.750 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Usermin 1.750 and lower versions. This vulnerability has the same characteristics as the Webmin 1.900 RCE.

tags | exploit, arbitrary
MD5 | b7a2066720e3820019d267aa46d260e1
Webmin 1.900 Remote Command Execution
Posted Jan 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized to the "Java file manager" and "Upload and Download" fields, to execute arbitrary commands with root privileges. In addition, "Running Processes" field must be authorized to discover the directory to be uploaded. A vulnerable file can be printed on the original files of the Webmin application. The vulnerable file we are uploading should be integrated with the application. Therefore, a ".cgi" file with the vulnerability belong to webmin application should be used. The module has been tested successfully with Webmin version 1.900 over Debian 4.9.18.

tags | exploit, java, arbitrary, cgi, root
systems | linux, debian
MD5 | 9e47bc329db56a10368c5886b4673495
Webmin 1.890 Cross Site Scripting
Posted Jan 15, 2019
Authored by Foo Jong Meng

Webmin version 1.890 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19191
MD5 | 6c0864db4d44c74ed081288ffd52c7cb
Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
Posted Oct 16, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2017-15646, CVE-2017-15645, CVE-2017-15644
MD5 | e8275ecd6d49c4502a0718560697279c
Webmin 1.840 Cross Site Scripting
Posted Jul 3, 2017
Authored by Andy Tan

Webmin version 1.840 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-9313
MD5 | bb51602cc1da9c4e34fe8d5f821ccdd0
Mandriva Linux Security Advisory 2014-062
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by un-trusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version which is not vulnerable to these issues.

tags | advisory, arbitrary, perl, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893
MD5 | 167cace9ae510696dea0951b9e786d73
Webmin 1.670 Cross Site Scripting
Posted Mar 15, 2014
Authored by William Costa

Webmin version 1.670 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 989cf65cf85cd230d7a75d1ea0f34b3d
Secunia Security Advisory 51515
Posted Dec 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledge multiple vulnerabilities in Webmin included in Solaris, which can be exploited by malicious users to compromise a vulnerable system and by malicious people disclose certain sensitive information.

tags | advisory, vulnerability
systems | solaris
MD5 | b84125e801b4bfea28f8a7a24bde6ed4
Secunia Security Advisory 51201
Posted Nov 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Webmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
MD5 | 4ac55d7c557f705b8445b71c12874871
Webmin /file/show.cgi Remote Command Execution
Posted Sep 17, 2012
Authored by unknown, juan vazquez | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.580. The vulnerability exists in the /file/show.cgi component and allows an authenticated user, with access to the File Manager Module, to execute arbitrary commands with root privileges. The module has been tested successfully with Webim 1.580 over Ubuntu 10.04.

tags | exploit, arbitrary, cgi, root
systems | linux, ubuntu
advisories | CVE-2012-2982, OSVDB-85248
MD5 | dc34581214599ff103986008fd746663
Secunia Security Advisory 50512
Posted Sep 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Multiple vulnerabilities have been reported in Webmin, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose certain sensitive information.

tags | advisory, vulnerability
MD5 | 7ae46f098ad3397ad05875b53ade91ad
Mandriva Linux Security Advisory 2011-109
Posted Jun 13, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-109 - Cross-site scripting vulnerability in Webmin 1.540 and earlier allows local users to inject arbitrary web script or HTML via a chfn command that changes the real field, related to useradmin/index.cgi and useradmin/user-lib.pl.

tags | advisory, web, arbitrary, local, cgi, xss
systems | linux, mandriva
advisories | CVE-2011-1937
MD5 | e87ae0e106e95f5f418a2cc6b3ba8d08
Webmin 1.540 Cross Site Scripting / Command Execution
Posted Apr 25, 2011
Authored by Javier Bassi

Webmin versions 1.540 and below suffer from a cross site scripting vulnerability that allows for remote command execution.

tags | exploit, remote, xss
MD5 | 18ddeecb8ae5179db810c833a7e59b32
Secunia Security Advisory 44263
Posted Apr 25, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Javier Bassi has discovered a vulnerability in Webmin, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | e6a1b5b067ce25e7c046d710504f9ba6
Page 1 of 3
Back123Next

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close