Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
Max CVSS: 4.3
EPSS Score: 0.57%
Published: 2007-03-05
Updated: 2017-07-29
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
Max CVSS: 6.8
EPSS Score: 2.45%
Published: 2006-09-05
Updated: 2017-07-20
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user.
Max CVSS: 3.6
EPSS Score: 0.29%
Published: 2006-09-19
Updated: 2017-07-20
CVE-2006-3392
Public exploit
Webmin before 1.290 and Usermin before 1.220 call the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. NOTE: This is a different issue than CVE-2006-3274.
Max CVSS: 5.0
EPSS Score: 95.55%
Published: 2006-07-06
Updated: 2018-10-18
Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.
Max CVSS: 10.0
EPSS Score: 0.52%
Published: 2005-05-02
Updated: 2017-07-11
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Max CVSS: 7.5
EPSS Score: 0.68%
Published: 2004-12-31
Updated: 2017-07-11
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Max CVSS: 2.1
EPSS Score: 0.04%
Published: 2004-10-20
Updated: 2017-07-11
7 vulnerabilities found