The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Webmin

threat CVE-2019-15642

Webmin: code execution via rpc.cgi

Synthesis of the vulnerability

An attacker can use a vulnerability via rpc.cgi of Webmin, in order to run code.
Severity: 2/4.
Creation date: 27/08/2019.
Identifiers: CVE-2019-15642, VIGILANCE-VUL-30172.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via rpc.cgi of Webmin, in order to run code.
Full Vigil@nce bulletin... (Free trial)

weakness alert CVE-2019-15641

Webmin: external XML entity injection via xmlrpc.cgi

Synthesis of the vulnerability

An attacker can transmit malicious XML data via xmlrpc.cgi to Webmin, in order to read a file, scan sites, or trigger a denial of service.
Severity: 2/4.
Creation date: 27/08/2019.
Identifiers: CVE-2019-15641, VIGILANCE-VUL-30171.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can transmit malicious XML data via xmlrpc.cgi to Webmin, in order to read a file, scan sites, or trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability note 30116

Webmin: Cross Site Scripting via Authentic Theme

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via Authentic Theme of Webmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 21/08/2019.
Identifiers: VIGILANCE-VUL-30116.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger a Cross Site Scripting via Authentic Theme of Webmin, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer weakness CVE-2019-12840

Webmin: privilege escalation via Package Updates

Synthesis of the vulnerability

An attacker can bypass restrictions via Package Updates of Webmin, in order to escalate his privileges.
Severity: 1/4.
Creation date: 17/06/2019.
Identifiers: CVE-2019-12840, VIGILANCE-VUL-29541.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can bypass restrictions via Package Updates of Webmin, in order to escalate his privileges.
Full Vigil@nce bulletin... (Free trial)

computer weakness alert CVE-2019-9624

Webmin/Usermin: code execution via Java File Manager / Upload And Download

Synthesis of the vulnerability

An attacker can use a vulnerability via Java File Manager / Upload And Download of Webmin/Usermin, in order to run code.
Severity: 1/4.
Creation date: 08/03/2019.
Identifiers: CVE-2019-9624, VIGILANCE-VUL-28694.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use a vulnerability via Java File Manager / Upload And Download of Webmin/Usermin, in order to run code.
Full Vigil@nce bulletin... (Free trial)

threat bulletin CVE-2018-19191

Webmin: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Webmin, in order to run JavaScript code in the context of the web site.
Severity: 1/4.
Creation date: 15/01/2019.
Identifiers: CVE-2018-19191, VIGILANCE-VUL-28275.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Webmin product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Webmin, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

cybersecurity bulletin CVE-2018-8712

Webmin: file reading via save_log.cgi

Synthesis of the vulnerability

A local attacker can read a file via save_log.cgi of Webmin, in order to obtain sensitive information.
Severity: 2/4.
Creation date: 15/03/2018.
Identifiers: CVE-2018-8712, VIGILANCE-VUL-25560.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

A local attacker can read a file via save_log.cgi of Webmin, in order to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

weakness bulletin CVE-2017-17089

Webmin: Cross Site Scripting via run.cgi

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via run.cgi of Webmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 02/01/2018.
Identifiers: CVE-2017-17089, VIGILANCE-VUL-24918.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

The Webmin product offers a web service.

However, it does not filter received data via run.cgi before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via run.cgi of Webmin, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2017-15644 CVE-2017-15645 CVE-2017-15646

Webmin: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Webmin.
Severity: 3/4.
Number of vulnerabilities in this bulletin: 3.
Creation date: 16/10/2017.
Identifiers: CVE-2017-15644, CVE-2017-15645, CVE-2017-15646, VIGILANCE-VUL-24146.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can use several vulnerabilities of Webmin.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2017-9313

Webmin: three Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger three Cross Site Scripting of Webmin, in order to run JavaScript code in the context of the web site.
Severity: 2/4.
Creation date: 03/07/2017.
Identifiers: CVE-2017-9313, VIGILANCE-VUL-23122.
Full Vigil@nce bulletin... (Free trial)

Description of the vulnerability

An attacker can trigger three Cross Site Scripting of Webmin, in order to run JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Webmin: