Vulnerabilities > Webmin > Webmin > 1.0.50

DATE CVE VULNERABILITY TITLE RISK
2010-01-05 CVE-2009-4568 Cross-Site Scripting vulnerability in Webmin Usermin and Webmin
Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and Usermin before 1.430 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
webmin CWE-79
4.3
2007-03-05 CVE-2007-1276 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
4.3
2006-09-05 CVE-2006-4542 Cross-Site Scripting vulnerability in multiple products
Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source code, list directories, and possibly execute programs.
6.8
2004-12-31 CVE-2004-1468 The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
network
low complexity
usermin webmin
7.5
2004-10-20 CVE-2004-0559 The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
local
low complexity
usermin webmin mandrakesoft
2.1
2003-03-03 CVE-2003-0101 miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
network
low complexity
engardelinux usermin webmin
critical
10.0