Vulnerabilities > Webmin > Webmin > 0.990
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-06 | CVE-2006-3392 | Information Disclosure vulnerability in Webmin/Usermin Unspecifed Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences before bytes such as "%01" are removed from the filename. | 5.0 |
| 2006-06-28 | CVE-2006-3274 | Remote Directory Traversal vulnerability in Webmin Directory traversal vulnerability in Webmin before 1.280, when run on Windows, allows remote attackers to read arbitrary files via \ (backslash) characters in the URL to certain directories under the web root, such as the image directory. | 5.0 |
| 2002-12-31 | CVE-2002-2360 | Permissions, Privileges, and Access Controls vulnerability in Webmin The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests. | 9.3 |