Vulnerabilities > Webmin > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-25 | CVE-2022-35132 | OS Command Injection vulnerability in Webmin Usermin Usermin through 1.850 allows a remote authenticated user to execute OS commands via command injection in a filename for the GPG module. | 8.8 |
| 2022-03-02 | CVE-2022-0824 | Improper Access Control vulnerability in Webmin Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. | 8.8 |
| 2020-12-29 | CVE-2020-35769 | Unspecified vulnerability in Webmin 1.962 miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | 7.5 |
| 2005-11-30 | CVE-2005-3912 | Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. | 7.5 |
| 2005-09-22 | CVE-2005-3042 | Remote PAM Authentication Bypass vulnerability in Webmin / Usermin miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metacharacters (line feed or carriage return). | 7.5 |
| 2004-12-31 | CVE-2004-1468 | The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. | 7.5 |
| 2002-08-12 | CVE-2002-0757 | Authentication Bypass vulnerability in Webmin / Usermin (1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations. | 7.5 |
| 2002-08-12 | CVE-2002-0756 | Cross-Site Scripting vulnerability in Webmin / Usermin Login Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies. | 7.5 |
| 2001-05-28 | CVE-2001-1074 | Information Disclosure vulnerability in Webmin Environment Variable Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges. | 7.2 |
| 1999-12-31 | CVE-1999-1074 | Unspecified vulnerability in Webmin Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking. | 7.5 |