CVE Tools

usermin

Unclassifiedunknown

8

Cumulative CVEs

5

Monthly snapshots

#20

Peak rank

Top products

Latest CVEs

The 14 most recently published vulnerabilities affecting usermin.

CVE-2015-2079Usermin 0.980 through 1.x before 1.660 allows uconfig_save.cgi sig_file_free remote code execution because it uses the two argument (not three argument) form of Perl open.9.9Apr 28, 2025
CVE-2007-1276Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.4.3Mar 5, 2007
CVE-2006-4246Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root's s...3.6Sep 19, 2006
CVE-2006-4542Webmin before 1.296 and Usermin before 1.226 do not properly handle a URL with a null ("%00") character, which allows remote attackers to conduct cross-site scripting (XSS), read CGI program source...6.8Sep 5, 2006
CVE-2006-3392Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, w...5.0Jul 6, 2006
CVE-2005-3042miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when "full PAM conversations" is enabled, allows remote attackers to bypass authentication by spoofing session IDs via certain metachara...7.5Sep 22, 2005
CVE-2005-1177Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.10.0Apr 19, 2005
CVE-2004-1468The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.7.5Feb 13, 2005
CVE-2004-0559The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.2.1Sep 24, 2004
CVE-2004-0588Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.6.8Jun 23, 2004
CVE-2004-0583The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs...5.0Jun 23, 2004
CVE-2003-0101miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic au...10.0Feb 26, 2003
CVE-2002-0757(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the auth...7.5Jul 26, 2002
CVE-2002-0756Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.7.5Jul 26, 2002