The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Webmin

vulnerability note CVE-2019-9624

Webmin/Usermin: code execution via Java File Manager / Upload And Download

Synthesis of the vulnerability

An attacker can use a vulnerability via Java File Manager / Upload And Download of Webmin/Usermin, in order to run code.
Impacted products: Usermin, Webmin.
Severity: 1/4.
Consequences: administrator access/rights.
Provenance: privileged account.
Creation date: 08/03/2019.
Identifiers: CVE-2019-9624, VIGILANCE-VUL-28694.

Description of the vulnerability

An attacker can use a vulnerability via Java File Manager / Upload And Download of Webmin/Usermin, in order to run code.

computer vulnerability CVE-2018-19191

Webmin: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Webmin, in order to run JavaScript code in the context of the web site.
Impacted products: Webmin.
Severity: 1/4.
Consequences: client access/rights.
Provenance: privileged account.
Creation date: 15/01/2019.
Identifiers: CVE-2018-19191, VIGILANCE-VUL-28275.

Description of the vulnerability

The Webmin product offers a web service.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Webmin, in order to run JavaScript code in the context of the web site.

vulnerability CVE-2018-8712

Webmin: file reading via save_log.cgi

Synthesis of the vulnerability

A local attacker can read a file via save_log.cgi of Webmin, in order to obtain sensitive information.
Impacted products: Webmin.
Severity: 2/4.
Consequences: data reading.
Provenance: privileged account.
Creation date: 15/03/2018.
Identifiers: CVE-2018-8712, VIGILANCE-VUL-25560.

Description of the vulnerability

A local attacker can read a file via save_log.cgi of Webmin, in order to obtain sensitive information.

computer vulnerability bulletin CVE-2017-17089

Webmin: Cross Site Scripting via run.cgi

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via run.cgi in Webmin, in order to run JavaScript code in the context of the web site.
Impacted products: Webmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 02/01/2018.
Identifiers: CVE-2017-17089, VIGILANCE-VUL-24918.

Description of the vulnerability

The Webmin product offers a web service.

However, it does not filter data received via run.cgi before inserting it into generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via run.cgi in Webmin, in order to run JavaScript code in the context of the web site.

computer vulnerability alert CVE-2017-15644 CVE-2017-15645 CVE-2017-15646

Webmin: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Webmin.
Impacted products: Webmin.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data reading, data creation/edition, data deletion.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 16/10/2017.
Identifiers: CVE-2017-15644, CVE-2017-15645, CVE-2017-15646, VIGILANCE-VUL-24146.

Description of the vulnerability

An attacker can use several vulnerabilities of Webmin.

vulnerability announcement CVE-2017-9313

Webmin: three Cross Site Scripting vulnerabilities

Synthesis of the vulnerability

An attacker can trigger three Cross Site Scripting vulnerabilities in Webmin, in order to run JavaScript code in the context of the web site.
Impacted products: Webmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/07/2017.
Identifiers: CVE-2017-9313, VIGILANCE-VUL-23122.

Description of the vulnerability

An attacker can trigger three Cross Site Scripting vulnerabilities in Webmin, in order to run JavaScript code in the context of the web site.

vulnerability 22690

Webmin: several Cross Site Scripting vulnerabilities

Synthesis of the vulnerability

An attacker can trigger several Cross Site Scripting vulnerabilities in Webmin, in order to run JavaScript code in the context of the web site.
Impacted products: Webmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 10/05/2017.
Identifiers: VIGILANCE-VUL-22690.

Description of the vulnerability

The Webmin product offers a web user interface.

However, it does not filter received data before inserting it into generated HTML documents.

An attacker can therefore trigger several Cross Site Scripting vulnerabilities in Webmin, in order to run JavaScript code in the context of the web site.

computer vulnerability note CVE-2017-2106

Webmin: multiple Cross Site Scripting via miniserv.pl

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via miniserv.pl in Webmin, in order to run JavaScript code in the context of the web site.
Impacted products: Webmin.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 02/05/2017.
Identifiers: CVE-2017-2106, VIGILANCE-VUL-22619.

Description of the vulnerability

The Webmin product offers a web service.

However, it does not filter data received via miniserv.pl before inserting it into generated HTML error pages.

An attacker can therefore trigger a Cross Site Scripting via miniserv.pl in Webmin, in order to run JavaScript code in the context of the web site.

vulnerability note 20354

Webmin: vulnerability via Authentic Theme

Synthesis of the vulnerability

A vulnerability which can be exploited by non-root users via Authentic Theme of Webmin was announced.
Impacted products: Webmin.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 10/08/2016.
Identifiers: VIGILANCE-VUL-20354.

Description of the vulnerability

A vulnerability which can be exploited by non-root users via Authentic Theme of Webmin was announced.

vulnerability note 19714

Webmin: vulnerability via Authentic theme

Synthesis of the vulnerability

A vulnerability via Authentic theme of Webmin was announced.
Impacted products: Webmin.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Creation date: 27/05/2016.
Identifiers: VIGILANCE-VUL-19714.

Description of the vulnerability

A vulnerability via Authentic theme of Webmin was announced.