Vulnerabilities > Webmin > Webmin > 1.520
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-26 | CVE-2019-15642 | Code Injection vulnerability in Webmin rpc.cgi in Webmin through 1.920 allows authenticated Remote Code Execution via a crafted object name because unserialise_variable makes an eval call. | 6.5 |
2019-08-26 | CVE-2019-15641 | XXE vulnerability in Webmin xmlrpc.cgi in Webmin through 1.930 allows authenticated XXE attacks. | 6.8 |
2019-08-16 | CVE-2019-15107 | OS Command Injection vulnerability in Webmin An issue was discovered in Webmin <=1.920. | 9.8 |
2019-06-15 | CVE-2019-12840 | OS Command Injection vulnerability in Webmin In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi. | 9.0 |
2017-12-30 | CVE-2017-17089 | Cross-site Scripting vulnerability in Webmin custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality. | 3.5 |
2017-10-19 | CVE-2017-15646 | Cross-site Scripting vulnerability in Webmin Webmin before 1.860 has XSS with resultant remote code execution. | 4.3 |
2017-10-19 | CVE-2017-15645 | Cross-Site Request Forgery (CSRF) vulnerability in Webmin CSRF exists in Webmin 1.850. | 6.8 |
2017-10-19 | CVE-2017-15644 | Server-Side Request Forgery (SSRF) vulnerability in Webmin SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000. | 5.0 |
2017-07-04 | CVE-2017-9313 | Cross-site Scripting vulnerability in Webmin Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before 1.850 allow remote attackers to inject arbitrary web script or HTML via the sec parameter to view_man.cgi, the referers parameter to change_referers.cgi, or the name parameter to save_user.cgi. | 4.3 |
2017-04-28 | CVE-2017-2106 | Cross-site Scripting vulnerability in Webmin Multiple cross-site scripting vulnerabilities in Webmin versions prior to 1.830 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |