Vulnerabilities > Usermin > Usermin > 1.070
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-03-05 | CVE-2007-1276 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename. | 4.3 |
| 2006-09-19 | CVE-2006-4246 | Remote Denial of Service vulnerability in Usermin Change User Details Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's shell instead of the shell of a specified user. | 3.6 |
| 2006-09-05 | CVE-2006-4542 | Cross-Site Scripting vulnerability in multiple products Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs. | 6.8 |
| 2005-05-02 | CVE-2005-1177 | Denial-Of-Service vulnerability in Usermin Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact. | 10.0 |
| 2004-12-31 | CVE-2004-1468 | The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. | 7.5 |
| 2004-10-20 | CVE-2004-0559 | The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. | 2.1 |
| 2004-08-06 | CVE-2004-0588 | Unspecified vulnerability in Usermin 1.070 Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages. network usermin | 6.8 |
| 2004-08-06 | CVE-2004-0583 | Multiple Unspecified vulnerability in Webmin The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | 5.0 |