Vulnerabilities related to gentoo - webmin
CVE-2012-4893 (GCVE-0-2012-4893)
Vulnerability from cvelistv5
Published
2012-09-11 19:00
Modified
2024-09-16 17:53
CWE
- n/a
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
References
▼ | URL | Tags |
---|---|---|
http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf | x_refsource_MISC | |
http://www.kb.cert.org/vuls/id/788478 | third-party-advisory, x_refsource_CERT-VN | |
http://americaninfosec.com/research/index.html | x_refsource_MISC |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:50:17.505Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://americaninfosec.com/research/index.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-09-11T19:00:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "tags": [ "x_refsource_MISC" ], "url": "http://americaninfosec.com/research/index.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-4893", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf", "refsource": "MISC", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "name": "VU#788478", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "http://americaninfosec.com/research/index.html", "refsource": "MISC", "url": "http://americaninfosec.com/research/index.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-4893", "datePublished": "2012-09-11T19:00:00Z", "dateReserved": "2012-09-11T00:00:00Z", "dateUpdated": "2024-09-16T17:53:18.089Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2983 (GCVE-0-2012-2983)
Vulnerability from cvelistv5
Published
2012-09-11 18:00
Modified
2024-08-06 19:50
CWE
- n/a
Summary
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
References
▼ | URL | Tags |
---|---|---|
http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf | x_refsource_MISC | |
http://www.kb.cert.org/vuls/id/788478 | third-party-advisory, x_refsource_CERT-VN | |
http://www.securitytracker.com/id?1027507 | vdb-entry, x_refsource_SECTRACK | |
http://americaninfosec.com/research/index.html | x_refsource_MISC | |
https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80 | x_refsource_CONFIRM | |
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "1027507", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027507" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://americaninfosec.com/research/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-12T00:00:00", "descriptions": [ { "lang": "en", "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-12T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "1027507", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027507" }, { "tags": [ "x_refsource_MISC" ], "url": "http://americaninfosec.com/research/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2983", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf", "refsource": "MISC", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf" }, { "name": "VU#788478", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "1027507", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027507" }, { "name": "http://americaninfosec.com/research/index.html", "refsource": "MISC", "url": "http://americaninfosec.com/research/index.html" }, { "name": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80" }, { "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "refsource": "CONFIRM", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2983", "datePublished": "2012-09-11T18:00:00", "dateReserved": "2012-05-30T00:00:00", "dateUpdated": "2024-08-06T19:50:05.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2981 (GCVE-0-2012-2981)
Vulnerability from cvelistv5
Published
2012-09-11 18:00
Modified
2024-08-06 19:50
CWE
- n/a
Summary
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
References
▼ | URL | Tags |
---|---|---|
http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf | x_refsource_MISC | |
http://www.kb.cert.org/vuls/id/788478 | third-party-advisory, x_refsource_CERT-VN | |
http://www.securitytracker.com/id?1027507 | vdb-entry, x_refsource_SECTRACK | |
http://americaninfosec.com/research/index.html | x_refsource_MISC | |
https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e | x_refsource_CONFIRM | |
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.335Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "1027507", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027507" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://americaninfosec.com/research/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-12T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "1027507", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027507" }, { "tags": [ "x_refsource_MISC" ], "url": "http://americaninfosec.com/research/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2981", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf", "refsource": "MISC", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf" }, { "name": "VU#788478", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "1027507", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027507" }, { "name": "http://americaninfosec.com/research/index.html", "refsource": "MISC", "url": "http://americaninfosec.com/research/index.html" }, { "name": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e" }, { "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "refsource": "CONFIRM", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2981", "datePublished": "2012-09-11T18:00:00", "dateReserved": "2012-05-30T00:00:00", "dateUpdated": "2024-08-06T19:50:05.335Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-0427 (GCVE-0-2005-0427)
Vulnerability from cvelistv5
Published
2005-02-15 05:00
Modified
2024-08-07 21:13
CWE
- n/a
Summary
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
References
▼ | URL | Tags |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=77731 | x_refsource_MISC | |
http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/19315 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T21:13:54.183Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=77731" }, { "name": "GLSA-200502-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml" }, { "name": "webmin-encrypted-password(19315)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19315" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-02-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=77731" }, { "name": "GLSA-200502-12", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml" }, { "name": "webmin-encrypted-password(19315)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19315" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0427", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://bugs.gentoo.org/show_bug.cgi?id=77731", "refsource": "MISC", "url": "http://bugs.gentoo.org/show_bug.cgi?id=77731" }, { "name": "GLSA-200502-12", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml" }, { "name": "webmin-encrypted-password(19315)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19315" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0427", "datePublished": "2005-02-15T05:00:00", "dateReserved": "2005-02-15T00:00:00", "dateUpdated": "2024-08-07T21:13:54.183Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2982 (GCVE-0-2012-2982)
Vulnerability from cvelistv5
Published
2012-09-11 18:00
Modified
2024-08-06 19:50
CWE
- n/a
Summary
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
References
▼ | URL | Tags |
---|---|---|
http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf | x_refsource_MISC | |
http://www.kb.cert.org/vuls/id/788478 | third-party-advisory, x_refsource_CERT-VN | |
https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1027507 | vdb-entry, x_refsource_SECTRACK | |
http://americaninfosec.com/research/index.html | x_refsource_MISC | |
http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:50:05.315Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213" }, { "name": "1027507", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1027507" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://americaninfosec.com/research/index.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-07-10T00:00:00", "descriptions": [ { "lang": "en", "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-04-12T09:00:00", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "name": "VU#788478", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213" }, { "name": "1027507", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1027507" }, { "tags": [ "x_refsource_MISC" ], "url": "http://americaninfosec.com/research/index.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2012-2982", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf", "refsource": "MISC", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "name": "VU#788478", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/788478" }, { "name": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213", "refsource": "CONFIRM", "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213" }, { "name": "1027507", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1027507" }, { "name": "http://americaninfosec.com/research/index.html", "refsource": "MISC", "url": "http://americaninfosec.com/research/index.html" }, { "name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf", "refsource": "CONFIRM", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2012-2982", "datePublished": "2012-09-11T18:00:00", "dateReserved": "2012-05-30T00:00:00", "dateUpdated": "2024-08-06T19:50:05.315Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd (CVE-2012-4893)
Published
2012-09-11 19:55
Modified
2025-04-11 00:51
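Severity: MEDIUM (CVSS v2.0 base score 6.8, vector AV:N/AC:M/Au:N/C:P/I:P/A:P, user interaction required; source nvd@nist.gov)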
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip commands, a different issue than CVE-2012-2982.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gentoo | webmin | * (all versions up to and including 1.590) | |
gentoo | webmin | 1.140 | |
gentoo | webmin | 1.150 | |
gentoo | webmin | 1.160 | |
gentoo | webmin | 1.170 | |
gentoo | webmin | 1.180 | |
gentoo | webmin | 1.200 | |
gentoo | webmin | 1.210 | |
gentoo | webmin | 1.220 | |
gentoo | webmin | 1.230 | |
gentoo | webmin | 1.240 | |
gentoo | webmin | 1.260 | |
gentoo | webmin | 1.270 | |
gentoo | webmin | 1.280 | |
gentoo | webmin | 1.290 | |
gentoo | webmin | 1.300 | |
gentoo | webmin | 1.310 | |
gentoo | webmin | 1.320 | |
gentoo | webmin | 1.330 | |
gentoo | webmin | 1.340 | |
gentoo | webmin | 1.370 | |
gentoo | webmin | 1.380 | |
gentoo | webmin | 1.390 | |
gentoo | webmin | 1.400 | |
gentoo | webmin | 1.410 | |
gentoo | webmin | 1.420 | |
gentoo | webmin | 1.430 | |
gentoo | webmin | 1.440 | |
gentoo | webmin | 1.450 | |
gentoo | webmin | 1.470 | |
gentoo | webmin | 1.480 | |
gentoo | webmin | 1.500 | |
gentoo | webmin | 1.510 | |
gentoo | webmin | 1.520 | |
gentoo | webmin | 1.530 | |
gentoo | webmin | 1.550 | |
gentoo | webmin | 1.560 | |
gentoo | webmin | 1.570 | |
gentoo | webmin | 1.580 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4", "versionEndIncluding": "1.590", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*", 
"matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*", 
"matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*", "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*", "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*", "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*", "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple cross-site request forgery (CSRF) vulnerabilities in file/show.cgi in Webmin 1.590 and earlier allow remote attackers to hijack the authentication of privileged users for requests that (1) read files or execute (2) tar, (3) zip, or (4) gzip 
commands, a different issue than CVE-2012-2982." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en file/show.cgi en Webmin v1.590 y anteriores, permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios privilegiados para peticiones que (1) leen archivos o ejecutan comandos (2) tar, (3) zip, o (4) gzip, una cuesti\u00f3n diferente de CVE-2012-2982." } ], "id": "CVE-2012-4893", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2012-09-11T19:55:00.970", "references": [ { "source": "cve@mitre.org", "url": "http://americaninfosec.com/research/index.html" }, { "source": "cve@mitre.org", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "source": "cve@mitre.org", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://americaninfosec.com/research/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/788478" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-352" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-11 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gentoo | webmin | * | |
gentoo | webmin | 1.140 | |
gentoo | webmin | 1.150 | |
gentoo | webmin | 1.160 | |
gentoo | webmin | 1.170 | |
gentoo | webmin | 1.180 | |
gentoo | webmin | 1.200 | |
gentoo | webmin | 1.210 | |
gentoo | webmin | 1.220 | |
gentoo | webmin | 1.230 | |
gentoo | webmin | 1.240 | |
gentoo | webmin | 1.260 | |
gentoo | webmin | 1.270 | |
gentoo | webmin | 1.280 | |
gentoo | webmin | 1.290 | |
gentoo | webmin | 1.300 | |
gentoo | webmin | 1.310 | |
gentoo | webmin | 1.320 | |
gentoo | webmin | 1.330 | |
gentoo | webmin | 1.340 | |
gentoo | webmin | 1.370 | |
gentoo | webmin | 1.380 | |
gentoo | webmin | 1.390 | |
gentoo | webmin | 1.400 | |
gentoo | webmin | 1.410 | |
gentoo | webmin | 1.420 | |
gentoo | webmin | 1.430 | |
gentoo | webmin | 1.440 | |
gentoo | webmin | 1.450 | |
gentoo | webmin | 1.470 | |
gentoo | webmin | 1.480 | |
gentoo | webmin | 1.500 | |
gentoo | webmin | 1.510 | |
gentoo | webmin | 1.520 | |
gentoo | webmin | 1.530 | |
gentoo | webmin | 1.550 | |
gentoo | webmin | 1.560 | |
gentoo | webmin | 1.570 | |
gentoo | webmin | 1.580 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4", "versionEndIncluding": "1.590", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*", 
"matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*", 
"matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*", "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*", "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*", "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*", "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character." 
}, { "lang": "es", "value": "file/show.cgi en Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de un car\u00e1cter no v\u00e1lido en un nombre de ruta, como se demostr\u00f3 con | (pipe)." } ], "id": "CVE-2012-2982", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-11T18:55:01.237", "references": [ { "source": "cret@cert.org", "url": "http://americaninfosec.com/research/index.html" }, { "source": "cret@cert.org", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1027507" }, { "source": "cret@cert.org", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "source": "cret@cert.org", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://americaninfosec.com/research/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-001.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" 
], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/webmin/webmin/commit/1f1411fe7404ec3ac03e803cfa7e01515e71a213" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.170:r1:*:*:*:*:*:*", "matchCriteriaId": "0540FAE3-5D20-4417-B6F1-15E8BF856D41", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.170:r2:*:*:*:*:*:*", "matchCriteriaId": "AE50EE6A-5CD3-4F2A-BBE1-2F32F4FBFAB2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password." }, { "lang": "es", "value": "Las compilaciones de Webmin anteriores a la versi\u00f3n 1.170-r3 en Gentoo Linux incluye la contrase\u00f1a cifrada de root en el fichero miniserv.users cuando crea un tbz2 del paquete webmin, lo que permite a atacantes remotos obtener y posiblemente \u0027craquear\u0027 la contrase\u00f1a cifrada." 
} ], "id": "CVE-2005-0427", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-05-02T04:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=77731" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19315" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=77731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200502-12.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19315" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-11 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gentoo | webmin | * | |
gentoo | webmin | 1.140 | |
gentoo | webmin | 1.150 | |
gentoo | webmin | 1.160 | |
gentoo | webmin | 1.170 | |
gentoo | webmin | 1.180 | |
gentoo | webmin | 1.200 | |
gentoo | webmin | 1.210 | |
gentoo | webmin | 1.220 | |
gentoo | webmin | 1.230 | |
gentoo | webmin | 1.240 | |
gentoo | webmin | 1.260 | |
gentoo | webmin | 1.270 | |
gentoo | webmin | 1.280 | |
gentoo | webmin | 1.290 | |
gentoo | webmin | 1.300 | |
gentoo | webmin | 1.310 | |
gentoo | webmin | 1.320 | |
gentoo | webmin | 1.330 | |
gentoo | webmin | 1.340 | |
gentoo | webmin | 1.370 | |
gentoo | webmin | 1.380 | |
gentoo | webmin | 1.390 | |
gentoo | webmin | 1.400 | |
gentoo | webmin | 1.410 | |
gentoo | webmin | 1.420 | |
gentoo | webmin | 1.430 | |
gentoo | webmin | 1.440 | |
gentoo | webmin | 1.450 | |
gentoo | webmin | 1.470 | |
gentoo | webmin | 1.480 | |
gentoo | webmin | 1.500 | |
gentoo | webmin | 1.510 | |
gentoo | webmin | 1.520 | |
gentoo | webmin | 1.530 | |
gentoo | webmin | 1.550 | |
gentoo | webmin | 1.560 | |
gentoo | webmin | 1.570 | |
gentoo | webmin | 1.580 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4", "versionEndIncluding": "1.590", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*", 
"matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*", 
"matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*", "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*", "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*", "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*", "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file\u0027s unedited contents, which allows remote attackers to read arbitrary files via the file field." 
}, { "lang": "es", "value": "file/edit_html.cgi en Webmin v1.590 y anteriores no realiza una comprobaci\u00f3n de autorizaci\u00f3n antes de mostrar el contenido de un archivo sin editar, lo que permite a atacantes remotos leer archivos de su elecci\u00f3n a trav\u00e9s del campo de archivo." } ], "id": "CVE-2012-2983", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-11T18:55:01.283", "references": [ { "source": "cret@cert.org", "url": "http://americaninfosec.com/research/index.html" }, { "source": "cret@cert.org", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf" }, { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1027507" }, { "source": "cret@cert.org", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "source": "cret@cert.org", "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://americaninfosec.com/research/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-002.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" 
], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/webmin/webmin/commit/4cd7bad70e23e4e19be8ccf7b9f245445b2b3b80" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-287" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-11 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
gentoo | webmin | * | |
gentoo | webmin | 1.140 | |
gentoo | webmin | 1.150 | |
gentoo | webmin | 1.160 | |
gentoo | webmin | 1.170 | |
gentoo | webmin | 1.180 | |
gentoo | webmin | 1.200 | |
gentoo | webmin | 1.210 | |
gentoo | webmin | 1.220 | |
gentoo | webmin | 1.230 | |
gentoo | webmin | 1.240 | |
gentoo | webmin | 1.260 | |
gentoo | webmin | 1.270 | |
gentoo | webmin | 1.280 | |
gentoo | webmin | 1.290 | |
gentoo | webmin | 1.300 | |
gentoo | webmin | 1.310 | |
gentoo | webmin | 1.320 | |
gentoo | webmin | 1.330 | |
gentoo | webmin | 1.340 | |
gentoo | webmin | 1.370 | |
gentoo | webmin | 1.380 | |
gentoo | webmin | 1.390 | |
gentoo | webmin | 1.400 | |
gentoo | webmin | 1.410 | |
gentoo | webmin | 1.420 | |
gentoo | webmin | 1.430 | |
gentoo | webmin | 1.440 | |
gentoo | webmin | 1.450 | |
gentoo | webmin | 1.470 | |
gentoo | webmin | 1.480 | |
gentoo | webmin | 1.500 | |
gentoo | webmin | 1.510 | |
gentoo | webmin | 1.520 | |
gentoo | webmin | 1.530 | |
gentoo | webmin | 1.550 | |
gentoo | webmin | 1.560 | |
gentoo | webmin | 1.570 | |
gentoo | webmin | 1.580 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BE0D872-5567-4B52-AF86-ECEA6B3640B4", "versionEndIncluding": "1.590", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.140:*:*:*:*:*:*:*", "matchCriteriaId": "708F7A39-3D58-4E48-AE71-A4892CB742F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.150:*:*:*:*:*:*:*", "matchCriteriaId": "6FE40C73-F154-4F99-B34D-48B1D090CF9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.160:*:*:*:*:*:*:*", "matchCriteriaId": "9BE77AF8-2706-40D4-B094-ECA970F7CE4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.170:*:*:*:*:*:*:*", "matchCriteriaId": "365B53A4-FDEE-4D2E-A0C2-72D728F57FDA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.180:*:*:*:*:*:*:*", "matchCriteriaId": "CA77B2B5-012D-450A-8BC7-E1EACCB3EC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.200:*:*:*:*:*:*:*", "matchCriteriaId": "03D1DF7B-8CB8-42CC-9DDA-C5A1AD879346", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.210:*:*:*:*:*:*:*", "matchCriteriaId": "E3470725-212E-4E86-9F06-709BFE7BC99C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.220:*:*:*:*:*:*:*", "matchCriteriaId": "2376D29D-C58F-48AD-A52E-639F438D6137", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.230:*:*:*:*:*:*:*", "matchCriteriaId": "FE3A6060-A8DD-4714-95CF-B330D9F323EC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.240:*:*:*:*:*:*:*", "matchCriteriaId": "9643F753-6EAC-4054-B1EB-4BFBB4280D4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.260:*:*:*:*:*:*:*", "matchCriteriaId": "82396947-1347-4365-AB4F-851A702A7F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.270:*:*:*:*:*:*:*", "matchCriteriaId": "F4D06F90-97F5-4936-8CFA-256C9941FF5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.280:*:*:*:*:*:*:*", 
"matchCriteriaId": "60E699C5-FE91-4E6A-8242-FB54D596853F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.290:*:*:*:*:*:*:*", "matchCriteriaId": "39AC9A61-0789-4089-AAC3-C4E085ABB80D", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.300:*:*:*:*:*:*:*", "matchCriteriaId": "36649A62-5287-4798-BE59-18954FB5F168", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.310:*:*:*:*:*:*:*", "matchCriteriaId": "0E196054-BE88-4381-9AE9-89951A9E814B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.320:*:*:*:*:*:*:*", "matchCriteriaId": "FCF58A8E-2DDC-4391-84F7-A2A4248DB5EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.330:*:*:*:*:*:*:*", "matchCriteriaId": "E552C43A-947C-42DD-A914-8A8D89605FDB", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.340:*:*:*:*:*:*:*", "matchCriteriaId": "390A1BA0-C32E-4B64-AF9F-FF95E9366A3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.370:*:*:*:*:*:*:*", "matchCriteriaId": "846C3686-82FE-4C5C-892C-7C6D28965A88", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.380:*:*:*:*:*:*:*", "matchCriteriaId": "F7289E38-D1F7-4964-9D6D-CC7845C354A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.390:*:*:*:*:*:*:*", "matchCriteriaId": "3CA5E7D8-5213-42A1-A543-DE0546250772", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.400:*:*:*:*:*:*:*", "matchCriteriaId": "F63C7945-1A73-4267-87A2-5F3380B3BC94", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.410:*:*:*:*:*:*:*", "matchCriteriaId": "4BADBAF9-BC0D-4143-A2DB-5F30930D7FDF", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.420:*:*:*:*:*:*:*", "matchCriteriaId": "29DDC8F5-8AC6-4007-964C-7A035AEE23AC", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.430:*:*:*:*:*:*:*", "matchCriteriaId": "B0CD0CB1-1648-48BD-BF31-72545FF0C1E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.440:*:*:*:*:*:*:*", 
"matchCriteriaId": "BD95F393-8E6D-4041-9884-DB0E02A132C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.450:*:*:*:*:*:*:*", "matchCriteriaId": "38C59749-474C-4205-ADE1-509881CAC84A", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.470:*:*:*:*:*:*:*", "matchCriteriaId": "9C7CB881-4DAE-4698-BC75-30187D128623", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.480:*:*:*:*:*:*:*", "matchCriteriaId": "5C6725EA-FCFD-4C00-90D9-9B5B552C193B", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.500:*:*:*:*:*:*:*", "matchCriteriaId": "87C3D974-185F-47CE-9245-32CC26CC5C00", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.510:*:*:*:*:*:*:*", "matchCriteriaId": "768351BA-C94F-4F6F-99B7-4E27C0F971C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.520:*:*:*:*:*:*:*", "matchCriteriaId": "0B50EF46-2777-47CE-BC99-D1D5B17001FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.530:*:*:*:*:*:*:*", "matchCriteriaId": "501F941E-609B-46B9-A2E0-B359B2DCBB15", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.550:*:*:*:*:*:*:*", "matchCriteriaId": "4ABFC5F5-CB70-4102-96F9-F0EEC9BA957F", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.560:*:*:*:*:*:*:*", "matchCriteriaId": "2FA24721-BC9A-40E2-ACAB-AA2D6C26C157", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.570:*:*:*:*:*:*:*", "matchCriteriaId": "67232DFE-C9D5-479E-8DC6-8F577D3ADBF5", "vulnerable": true }, { "criteria": "cpe:2.3:a:gentoo:webmin:1.580:*:*:*:*:*:*:*", "matchCriteriaId": "8976F845-5268-47BD-A782-5B7B8492DC70", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary Perl code via a crafted file associated with the type (aka monitor type name) parameter." 
}, { "lang": "es", "value": "Webmin v1.590 y anteriores permite a usuarios remotos autenticados ejecutar cualquier c\u00f3digo Perl de su elecci\u00f3n a trav\u00e9s de un archivo (creado para tal fin) asociado con el par\u00e1metro \u0027type\u0027(tambi\u00e9n conocido como \u0027monitor type name\u0027).\r\n" } ], "id": "CVE-2012-2981", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-11T18:55:01.160", "references": [ { "source": "cret@cert.org", "url": "http://americaninfosec.com/research/index.html" }, { "source": "cret@cert.org", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf" }, { "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "cret@cert.org", "url": "http://www.securitytracker.com/id?1027507" }, { "source": "cret@cert.org", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "source": "cret@cert.org", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://americaninfosec.com/research/index.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.americaninfosec.com/research/dossiers/AISG-12-000.pdf" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/788478" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1027507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/webmin/webmin/commit/ed7365064c189b8f136a9f952062249167d1bd9e" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }