Total
86 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2001-1074 | 1 Webmin | 1 Webmin | 2023-12-10 | 7.2 HIGH | N/A |
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. | |||||
CVE-1999-1074 | 1 Webmin | 1 Webmin | 2023-12-10 | 7.5 HIGH | N/A |
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. | |||||
CVE-2001-1196 | 1 Webmin | 1 Webmin | 2023-12-10 | 10.0 HIGH | N/A |
Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a '..' (dot dot) in the argument. | |||||
CVE-2001-0222 | 1 Webmin | 1 Webmin | 2023-12-10 | 1.2 LOW | N/A |
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. | |||||
CVE-2002-1947 | 1 Webmin | 1 Webmin | 2023-12-10 | 6.4 MEDIUM | N/A |
Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. | |||||
CVE-2002-1673 | 1 Webmin | 1 Webmin | 2023-12-10 | 3.6 LOW | N/A |
The web interface for Webmin 0.92 does not properly quote or filter script code in files that are displayed to the interface, which allows local users to execute script and possibly steal cookies by inserting the script into certain files or fields, such as a real user name entry in the passwd file. |