Filtered by vendor Webmin
Subscriptions
Total
106 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-15641 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. By default, only root, admin, and sysadm can access xmlrpc.cgi. | ||||
| CVE-2019-12840 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | ||||
| CVE-2018-8712 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| An issue was discovered in Webmin 1.840 and 1.880 when the default Yes setting of "Can view any file as a log file" is enabled. As a result of weak default configuration settings, limited users have full access rights to the underlying Unix system files, allowing the user to read sensitive data from the local system (using Local File Include) such as the '/etc/shadow' file via a "GET /syslog/save_log.cgi?view=1&file=/etc/shadow" request. | ||||
| CVE-2018-19191 | 1 Webmin | 1 Webmin | 2024-11-21 | N/A |
| Webmin 1.890 has XSS via /config.cgi?webmin, the /shell/index.cgi history parameter, /shell/index.cgi?stripped=1, or the /webminlog/search.cgi uall or mall parameter. | ||||
| CVE-2024-44762 | 1 Webmin | 1 Usermin | 2024-10-18 | 5.3 Medium |
| A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts. | ||||
| CVE-2024-45692 | 2 Virtualmin, Webmin | 2 Virtualmin, Webmin | 2024-09-05 | 7.5 High |
| Webmin before 2.202 and Virtualmin before 7.20.2 allow a network traffic loop via spoofed UDP packets on port 10000. | ||||