
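    7 vulnerabilities found for Usermin by Webmin Project. Note on reading the records below: the "@version": "2.2" attribute on every sec:cpe entry appears to be the CPE naming-format version (the cpe:/ URI form is CPE 2.2), not an affected Usermin or Webmin release, so take affected versions from the JVN DB page in each record's "link" field. Where the Severity line reads "N/A (UNKNOWN)", the record's sec:cvss object still carries a base score and vector.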

    JVNDB-2024-000059

    Vulnerability from jvndb - Published: 2024-07-09 14:27 - Updated:2024-07-09 14:27
    Severity
    Summary
    Multiple vulnerabilities in multiple Webmin products
    Details
    Multiple Webmin products contain the vulnerabilities listed below: sysinfo.cgi is vulnerable to cross-site scripting (CWE-79), CVE-2024-36450; session_login.cgi is vulnerable to cross-site scripting (CWE-79), CVE-2024-36453; the ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280), CVE-2024-36451; the ajaxterm module is vulnerable to cross-site request forgery (CWE-352), CVE-2024-36452. For CVE-2024-36450, CVE-2024-36451 and CVE-2024-36452: Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. For CVE-2024-36453: hibiki moriyama of STNet, Incorporated reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000059.html",
      "dc:date": "2024-07-09T14:27+09:00",
      "dcterms:issued": "2024-07-09T14:27+09:00",
      "dcterms:modified": "2024-07-09T14:27+09:00",
      "description": "Multiple Webmin products contain multiple vulnerabilities listed below.\r\n  * sysinfo.cgi is vulnerable to cross-site scripting (CWE-79)\r\n    CVE-2024-36450\r\n  * session_login.cgi is vulnerable to cross-site scripting (CWE-79)\r\n    CVE-2024-36453\r\n  * ajaxterm module is vulnerable to improper handling of insufficient permissions or privileges (CWE-280)\r\n    CVE-2024-36451\r\n  * ajaxterm module is vulnerable to cross-site request forgery (CWE-352)\r\n    CVE-2024-36452\r\n\r\nCVE-2024-36450, CVE-2024-36451, CVE-2024-36452\r\nToshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.\r\n\r\nCVE-2024-36453\r\nhibiki moriyama of STNet, Incorporated reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000059.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:webmin:usermin",
          "@product": "Usermin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:webmin:webmin",
          "@product": "Webmin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:webmin:webmin",
          "@product": "Webmin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "8.8",
        "@severity": "High",
        "@type": "Base",
        "@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "@version": "3.0"
      },
      "sec:identifier": "JVNDB-2024-000059",
      "sec:references": [
        {
          "#text": "https://jvn.jp/en/jp/JVN81442045/index.html",
          "@id": "JVN#81442045",
          "@source": "JVN"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36450",
          "@id": "CVE-2024-36450",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36451",
          "@id": "CVE-2024-36451",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36452",
          "@id": "CVE-2024-36452",
          "@source": "CVE"
        },
        {
          "#text": "https://www.cve.org/CVERecord?id=CVE-2024-36453",
          "@id": "CVE-2024-36453",
          "@source": "CVE"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-352",
          "@title": "Cross-Site Request Forgery(CWE-352)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Multiple vulnerabilities in multiple Webmin products"
    }

    JVNDB-2016-000202

    Vulnerability from jvndb - Published: 2016-10-07 13:50 - Updated:2017-05-16 17:52
    Severity
    Summary
    Usermin cross-site scripting vulnerabilities
    Details
    Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/save_forward.cgi, /filter/save.cgi and /man/search.cgi. Toshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000202.html",
      "dc:date": "2017-05-16T17:52+09:00",
      "dcterms:issued": "2016-10-07T13:50+09:00",
      "dcterms:modified": "2017-05-16T17:52+09:00",
      "description": "Usermin is a web-based interface used to manage webmail. Usermin contains reflected cross-site scripting vulnerabilities in /filter/save_forward.cgi, /filter/save.cgi and /man/search.cgi.\r\n\r\nToshinobu Honjo of NTT Communications Corporation reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000202.html",
      "sec:cpe": {
        "#text": "cpe:/a:webmin:usermin",
        "@product": "Usermin",
        "@vendor": "Webmin Project",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "2.6",
          "@severity": "Low",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "@version": "2.0"
        },
        {
          "@score": "6.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2016-000202",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN32504719/index.html",
          "@id": "JVN#32504719",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4897",
          "@id": "CVE-2016-4897",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4897",
          "@id": "CVE-2016-4897",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Usermin cross-site scripting vulnerabilties"
    }

    JVNDB-2014-000058

    Vulnerability from jvndb - Published: 2014-06-20 13:56 - Updated:2014-07-23 10:59
    Severity
    N/A (UNKNOWN) - -
    Summary
    Usermin vulnerable to cross-site scripting
    Details
    Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000058.html",
      "dc:date": "2014-07-23T10:59+09:00",
      "dcterms:issued": "2014-06-20T13:56+09:00",
      "dcterms:modified": "2014-07-23T10:59+09:00",
      "description": "Usermin is a web-based interface used to manage webmail. Usermin contains a cross-site scripting vulnerability.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000058.html",
      "sec:cpe": {
        "#text": "cpe:/a:webmin:usermin",
        "@product": "Usermin",
        "@vendor": "Webmin Project",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "4.3",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000058",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN92737498/index.html",
          "@id": "JVN#92737498",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3884",
          "@id": "CVE-2014-3884",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3884",
          "@id": "CVE-2014-3884",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-79",
          "@title": "Cross-site Scripting(CWE-79)"
        }
      ],
      "title": "Usermin vulnerable to cross-site scripting"
    }

    JVNDB-2014-000057

    Vulnerability from jvndb - Published: 2014-06-20 13:56 - Updated:2014-06-24 13:44
    Severity
    N/A (UNKNOWN) - -
    Summary
    Usermin vulnerable to OS command injection
    Details
    Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability. Keigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000057.html",
      "dc:date": "2014-06-24T13:44+09:00",
      "dcterms:issued": "2014-06-20T13:56+09:00",
      "dcterms:modified": "2014-06-24T13:44+09:00",
      "description": "Usermin is a web-based interface used to manage webmail. Usermin contains an OS command injection vulnerability.\r\n\r\nKeigo Yamazaki of LAC Co., Ltd reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000057.html",
      "sec:cpe": {
        "#text": "cpe:/a:webmin:usermin",
        "@product": "Usermin",
        "@vendor": "Webmin Project",
        "@version": "2.2"
      },
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2014-000057",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN48805624/index.html",
          "@id": "JVN#48805624",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3883",
          "@id": "CVE-2014-3883",
          "@source": "CVE"
        },
        {
          "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3883",
          "@id": "CVE-2014-3883",
          "@source": "NVD"
        },
        {
          "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140620-jvn.html",
          "@id": "Security Alert for Usermin vulnerable to OS command injection (JVN#48805624)",
          "@source": "IPA SECURITY ALERTS"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-78",
          "@title": "OS Command Injection(CWE-78)"
        }
      ],
      "title": "Usermin vulnerable to OS command injection"
    }

    JVNDB-2005-000537

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Webmin and Usermin authentication bypass vulnerability
    Details
    Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Webmin and Usermin, web-based system management tools for UNIX, contain a vulnerability which may allow a remote attacker to bypass authentication when PAM authentication is used.",
      "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000537.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:webmin:usermin",
          "@product": "Usermin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:webmin:webmin",
          "@product": "Webmin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "9.3",
        "@severity": "High",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2005-000537",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN40940493/index.html",
          "@id": "JVN#40940493",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3042",
          "@id": "CVE-2005-3042",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3042",
          "@id": "CVE-2005-3042",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/16858/",
          "@id": "SA16858",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/14889",
          "@id": "14889",
          "@source": "BID"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2005/1791",
          "@id": "FrSIRT/ADV-2005-1791",
          "@source": "FRSIRT"
        }
      ],
      "title": "Webmin and Usermin authentication bypass vulnerability"
    }

    JVNDB-2006-000938

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Webmin directory traversal vulnerability
    Details
    Webmin is a web-based system management tool. Webmin contains a directory traversal vulnerability that allows authentication to be bypassed. As of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor has announced that the vulnerability affects the product on all OS platforms.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Webmin is a web-based system management tool.\r\nWebmin contains a directory traversal vulnerability which allows to bypass authentication.\r\n\r\nAs of June 30, 2006, patched versions of the module addressing this vulnerability for all OS platforms are available from the vendor. This vulnerability was originally reported as an issue specific to the Windows platform. The vendor announces that the vulnerability affects the product on any OS platforms.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000938.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:webmin:usermin",
          "@product": "Usermin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:webmin:webmin",
          "@product": "Webmin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "5.0",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000938",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN67974490/index.html",
          "@id": "JVN#67974490",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3274",
          "@id": "CVE-2006-3274",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3274",
          "@id": "CVE-2006-3274",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/20777",
          "@id": "SA20777",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/18613",
          "@id": "18613",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/27366",
          "@id": "27366",
          "@source": "XF"
        },
        {
          "#text": "http://securitytracker.com/id?1016375",
          "@id": "1016375",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/2493",
          "@id": "FrSIRT/ADV-2006-2493",
          "@source": "FRSIRT"
        }
      ],
      "title": "Webmin directory traversal vulnerability"
    }

    JVNDB-2006-000939

    Vulnerability from jvndb - Published: 2008-05-21 00:00 - Updated:2008-05-21 00:00
    Severity
    N/A (UNKNOWN) - -
    Summary
    Multiple vulnerabilities in Webmin and Usermin
    Details
    Webmin and Usermin, web-based system management tools, contain the following vulnerabilities: (1) execution of arbitrary files and viewing of source code by bypassing Webmin and Usermin's access restrictions; (2) cross-site scripting. We are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to "Development Versions of Webmin and Usermin" on the vendor's website for information on the latest versions of the software.

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html",
      "dc:date": "2008-05-21T00:00+09:00",
      "dcterms:issued": "2008-05-21T00:00+09:00",
      "dcterms:modified": "2008-05-21T00:00+09:00",
      "description": "Webmin and Usermin, web-based system management tools, contain the following vulnerabilities:\r\n\r\n- Execution of arbitrary files and viewing source code by bypassing Webmin and Usermin\u0027s access restrictions\r\n- Cross-site scripting\r\n\r\nWe are aware that these vulnerabilities have been addressed in Webmin development version 1.297 and Usermin development version 1.226, as of August 31, 2006. Please refer to \"Development Versions of Webmin and Usermin\" on the vendor\u0027s website for information on the latest versions of the software.",
      "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000939.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:webmin:usermin",
          "@product": "Usermin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:webmin:webmin",
          "@product": "Webmin",
          "@vendor": "Webmin Project",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/o:misc:miraclelinux_asianux_server",
          "@product": "Asianux Server",
          "@vendor": "Cybertrust Japan Co., Ltd.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": {
        "@score": "6.8",
        "@severity": "Medium",
        "@type": "Base",
        "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
        "@version": "2.0"
      },
      "sec:identifier": "JVNDB-2006-000939",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN99776858/index.html",
          "@id": "JVN#99776858",
          "@source": "JVN"
        },
        {
          "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4542",
          "@id": "CVE-2006-4542",
          "@source": "CVE"
        },
        {
          "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-4542",
          "@id": "CVE-2006-4542",
          "@source": "NVD"
        },
        {
          "#text": "http://secunia.com/advisories/21690",
          "@id": "SA21690",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://secunia.com/advisories/22114",
          "@id": "SA22114",
          "@source": "SECUNIA"
        },
        {
          "#text": "http://www.securityfocus.com/bid/19820",
          "@id": "19820",
          "@source": "BID"
        },
        {
          "#text": "http://xforce.iss.net/xforce/xfdb/28699",
          "@id": "28699",
          "@source": "XF"
        },
        {
          "#text": "http://securitytracker.com/id?1016776",
          "@id": "1016776",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://securitytracker.com/id?1016777",
          "@id": "1016777",
          "@source": "SECTRACK"
        },
        {
          "#text": "http://www.frsirt.com/english/advisories/2006/3424",
          "@id": "FrSIRT/ADV-2006-3424",
          "@source": "FRSIRT"
        }
      ],
      "title": "Multiple vulnerabilities in Webmin and Usermin"
    }