
Files

webmin.php.txt
Posted Jul 12, 2006
Authored by joffer | Site securitydot.net

Webmin / Usermin arbitrary file disclosure exploit for versions below 1.290.

tags | exploit, arbitrary
SHA-256 | 26df64b339f3c6e96203965593eddaf4e3dbfc84f8cc18992edf84b8f460390c

Related Files

Webmin 1.984 File Manager Remote Code Execution
Posted Nov 2, 2022
Authored by jheysel-r7, faisalfs10x | Site metasploit.com

In Webmin version 1.984, any authenticated low privilege user without access rights to the File Manager module could interact with file manager functionalities such as downloading files from remote URLs and changing file permissions. It is possible to achieve remote code execution via a crafted .cgi file by chaining those functionalities in the file manager.

tags | exploit, remote, cgi, code execution
advisories | CVE-2022-0824
SHA-256 | 174516108c4d106859887c676523c5bd94d8fe133ba6657e421890c8d9f7ef89

Webmin Package Updates Command Injection
Posted Aug 10, 2022
Authored by Christophe de la Fuente, Emir Polat | Site metasploit.com

This Metasploit module exploits an arbitrary command injection in Webmin versions prior to 1.997. Webmin uses the OS package manager (apt, yum, etc.) to perform package updates and installation. Due to a lack of input sanitization, it is possible to inject an arbitrary command that will be concatenated to the package manager call. This exploit requires authentication and the account must have access to the Software Package Updates module.

tags | exploit, arbitrary
advisories | CVE-2022-36446
SHA-256 | 40335e81c5e1920c59b3fa7d7b9555cf342eefb7151f937070f230f69f2b8ee3

Webmin 1.996 Remote Code Execution
Posted Aug 1, 2022
Authored by Emir Polat

Webmin version 1.996 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2022-36446
SHA-256 | a89c83a46baf912bad79b59cea2c4954e3ac100a48e421ae4b7e8c04fc532526

Webmin 1.984 Remote Code Execution
Posted Mar 9, 2022
Authored by faisalfs10x

Webmin version 1.984 authenticated remote code execution exploit.

tags | exploit, remote, code execution
advisories | CVE-2022-0824
SHA-256 | 7286890f523f72cddacdb1075dae1a9d259f00e38f0108409ebfb8be0654690a

Webmin 1.973 Cross Site Request Forgery
Posted Jul 20, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 cross site request forgery exploit that loads a reverse shell.

tags | exploit, shell, csrf
advisories | CVE-2021-31761
SHA-256 | 8a316a9307c0d4b3b8fa1f3bb02ab7e2a5d250b7b981658538c23e171ca98d24

Webmin 1.973 Cross Site Request Forgery
Posted Jul 14, 2021
Authored by Mesh3l_911, Z0ldyck

Webmin version 1.973 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
advisories | CVE-2021-31762
SHA-256 | 6584fbea56cb36aed6cf20c070f41684482266289815df1aa41748fc786befa2

Webmin 1.962 Remote Command Execution
Posted Dec 22, 2020
Authored by AkkuS | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.962 and lower versions. Any user authorized to the Package Updates module can execute arbitrary commands with root privileges. The vulnerability arises from circumventing the measure taken for CVE-2019-12840.

tags | exploit, arbitrary, root
advisories | CVE-2020-35606
SHA-256 | 0b9d3eed2396c63f8c369c41bb33853aea8748348ce034096856277e638001d6

Webmin 1.920 Remote Code Execution
Posted Sep 15, 2019
Authored by BoSSaLiNiE

Webmin version 1.920 remote code execution exploit that leverages the vulnerability noted in CVE-2019-15107.

tags | exploit, remote, code execution
advisories | CVE-2019-15107
SHA-256 | 233192a3d19175ea1314a59b24a433a47278e7d0fd3f5a72f4fdeb8334763b0e

Webmin 1.920 rpc.cgi Remote Root
Posted Sep 2, 2019
Authored by James Bercegay

This Metasploit module exploits Webmin versions 1.930 and below. This exploit takes advantage of a code execution issue within the function unserialise_variable() located in web-lib-funcs.pl, in order to gain root. The only prerequisite is a valid session id.

tags | exploit, web, root, code execution
SHA-256 | a204c6065da489d3ae9470a7346273b6cabd6fe1e769d74907481d037f95676d

Webmin 1.890 expired Remote Root
Posted Aug 26, 2019
Authored by Todor Donev

Webmin version 1.890 (based on 1.920 research) expired remote root exploit.

tags | exploit, remote, root
SHA-256 | a6a036a769a8e7b287b106998aecc0d0606fab73f1bcd56db60804eebb9820a9

Webmin 1.920 password_change.cgi Backdoor
Posted Aug 23, 2019
Authored by wvu | Site metasploit.com

This Metasploit module exploits a backdoor in Webmin versions 1.890 through 1.920. Only the SourceForge downloads were backdoored, but they are listed as official downloads on the project's site. Unknown attacker(s) inserted Perl qx statements into the build server's source code on two separate occasions: once in April 2018, introducing the backdoor in the 1.890 release, and in July 2018, reintroducing the backdoor in releases 1.900 through 1.920. Only version 1.890 is exploitable in the default install. Later affected versions require the expired password changing feature to be enabled.

tags | exploit, perl
advisories | CVE-2019-15107
SHA-256 | a77b36da3b341bc12695770cadbf155d839a3d53526172e82c4c2022be857299

Webmin 1.920 Remote Root
Posted Aug 20, 2019
Authored by Todor Donev

Webmin version 1.920 remote root exploit.

tags | exploit, remote, root
SHA-256 | 24da0743c530b7cde50344fe79a0f147dea9975a51294a92407b1d5fe39f2f39

Webmin 1.920 Remote Command Execution
Posted Aug 19, 2019
Authored by Zerial

Webmin unauthenticated remote command execution exploit that identifies whether or not a target is vulnerable.

tags | exploit, remote
advisories | CVE-2019-15107
SHA-256 | 971076293bd447b89480caa6102ab463befa5dda10bc69b8d76aee1339d399d8

Webmin 1.920 Remote Code Execution
Posted Aug 12, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.920 and below. If the password change module is turned on, an unauthenticated user can execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
SHA-256 | ec772fb6a45fb88e2351faaab0600ee20a86b66126a1ccf91608cd56b9347361

Webmin 1.910 Remote Command Execution
Posted Jun 11, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.910 and lower versions. Any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges.

tags | exploit, arbitrary, root
advisories | CVE-2019-12840
SHA-256 | caa352f2bdb2cd2ebe21355770a606a5756d88a75639e90b6ef5f0792ec9e235

Webmin 1.900 Upload Authenticated Remote Command Execution
Posted Mar 15, 2019
Authored by Ozkan Mustafa Akkus, Ziconius | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin 1.900 and lower versions. Any user authorized to the "Upload and Download" module can execute arbitrary commands with root privileges. In addition, if the Running Processes (proc) privilege is set the user can accurately determine which directory to upload to. Webmin application files can be written/overwritten, which allows remote code execution. The module has been tested successfully with Webmin 1.900 on Ubuntu v18.04.

tags | exploit, remote, arbitrary, root, code execution
systems | linux, ubuntu
SHA-256 | cb30da254f071764bf5594bfe148a729f959e85798593b2141d4d5c66b873f67

Usermin 1.750 Remote Command Execution
Posted Feb 28, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Usermin 1.750 and lower versions. This vulnerability has the same characteristics as the Webmin 1.900 RCE.

tags | exploit, arbitrary
SHA-256 | 505ea2f8624f6e3310d6adcbed739f255d5848596538d08bca4e2634ea2ba8d5

Webmin 1.900 Remote Command Execution
Posted Jan 18, 2019
Authored by Ozkan Mustafa Akkus | Site metasploit.com

This Metasploit module exploits an arbitrary command execution vulnerability in Webmin versions 1.900 and below. Any user authorized for the "Java file manager" and "Upload and Download" fields can execute arbitrary commands with root privileges. In addition, the "Running Processes" field must be authorized in order to discover the directory to upload to. A vulnerable file can be written over the original files of the Webmin application. The uploaded file must be integrated with the application, so a vulnerable ".cgi" file belonging to the Webmin application should be used. The module has been tested successfully with Webmin version 1.900 on Debian 4.9.18.

tags | exploit, java, arbitrary, cgi, root
systems | linux, debian
SHA-256 | 220bdda523afcc7f1ded8735ea03ed18dad447ecbc6744a6c32035e4ce3c5dfe

Webmin 1.890 Cross Site Scripting
Posted Jan 15, 2019
Authored by Foo Jong Meng

Webmin version 1.890 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-19191
SHA-256 | df2769aae251744c88a9aba69305e69dc2d69864c7abbbafb511aad1671db2e9

Webmin 1.850 SSRF / CSRF / Cross Site Scripting / Command Execution
Posted Oct 16, 2017
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Webmin version 1.850 suffers from server side request forgery, cross site request forgery, and cross site scripting vulnerabilities, the last of which can lead to remote command execution.

tags | exploit, vulnerability, xss, csrf
advisories | CVE-2017-15646, CVE-2017-15645, CVE-2017-15644
SHA-256 | d11573ef8f901da4b1c7a343b9844592c00e8cb689d9d4a889cdc4549e895f61

Webmin 1.840 Cross Site Scripting
Posted Jul 3, 2017
Authored by Andy Tan

Webmin version 1.840 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2017-9313
SHA-256 | 79946720292e47f07df049f75813db652a8eb34758c01e099c3680a62e2fb2d5

Mandriva Linux Security Advisory 2014-062
Posted Mar 17, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-062 - Multiple XSS, CSRF, and arbitrary code execution vulnerabilities that impact Webmin versions prior to 1.620. SA51201. The 1.680 version fixed security issues that could be exploited by untrusted Webmin users in the PHP Configuration and Webalizer modules. The Authen::Libwrap Perl module used by Webmin is also being provided. The updated packages have been upgraded to the 1.680 version, which is not vulnerable to these issues.

tags | advisory, arbitrary, perl, php, vulnerability, code execution
systems | linux, mandriva
advisories | CVE-2012-2981, CVE-2012-2982, CVE-2012-2983, CVE-2012-4893
SHA-256 | 27b82adda7cb7ed9776d3685dcfbfc3fe196fe892f153a6b846e4276aa1cd841

Webmin 1.670 Cross Site Scripting
Posted Mar 15, 2014
Authored by William Costa

Webmin version 1.670 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 7d18e9a92a225522958af02a7a14f6ae3ea0e0a8e5b98324a3cf3c5c316a8e4b

Secunia Security Advisory 51515
Posted Dec 12, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Oracle has acknowledged multiple vulnerabilities in Webmin included in Solaris, which can be exploited by malicious users to compromise a vulnerable system and by malicious people to disclose certain sensitive information.

tags | advisory, vulnerability
systems | solaris
SHA-256 | 4879e214288243526ad0fbf2e271bba64c6a5c86804c24350d24547a527be56d

Secunia Security Advisory 51201
Posted Nov 5, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Webmin, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | f4d5e6cfc597565ad9ac0d304681294c14d9ba77cca4ebda069dbd0e2c3a68fc
© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close