CVE-2019-15642 – Authenticated RCE on Webmin <= 1.920
Rpc.cgi
After the XXE, we found another bug in Webmin. This time it’s rpc.cgi which is vulnerable. More precisely a call to “unserialise_variable” function is done before than...
Posts Tagged ‘Vulnerability’:
CVE-2019-15641 – Authenticated XXE on Webmin <= 1.930
Description
From http://www.webmin.com :
Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can setup user accounts, Apache, DNS, file sharing...
CVE-2019-13031 – XXE on LemonLDAP::NG < 2.0.5
Global presentation
As described on https://lemonldap-ng.org/start :
LemonLDAP::NG is an open source Web Single Sign On (WebSSO), Access Management and Identity Federation product, written...