Total vulnerabilities in the database
file/show.cgi in Webmin 1.590 and earlier allows remote authenticated users to execute arbitrary commands via an invalid character in a pathname, as demonstrated by a | (pipe) character.
| Software | From | Fixed in |
|---|---|---|
| gentoo / webmin | 1.370 | 1.370.x |
| gentoo / webmin | 1.340 | 1.340.x |
| gentoo / webmin | 1.260 | 1.260.x |
| gentoo / webmin | 1.450 | 1.450.x |
| gentoo / webmin | 1.160 | 1.160.x |
| gentoo / webmin | 1.230 | 1.230.x |
| gentoo / webmin | 1.400 | 1.400.x |
| gentoo / webmin | 1.480 | 1.480.x |
| gentoo / webmin | 1.220 | 1.220.x |
| gentoo / webmin | 1.150 | 1.150.x |
| gentoo / webmin | 1.270 | 1.270.x |
| gentoo / webmin | 1.330 | 1.330.x |
| gentoo / webmin | 1.380 | 1.380.x |
| gentoo / webmin | 1.210 | 1.210.x |
| gentoo / webmin | 1.390 | 1.390.x |
| gentoo / webmin | 1.510 | 1.510.x |
| gentoo / webmin | 1.560 | 1.560.x |
| gentoo / webmin | 1.320 | 1.320.x |
| gentoo / webmin | - | 1.590.x |
| gentoo / webmin | 1.200 | 1.200.x |
| gentoo / webmin | 1.410 | 1.410.x |
| gentoo / webmin | 1.500 | 1.500.x |
| gentoo / webmin | 1.470 | 1.470.x |
| gentoo / webmin | 1.140 | 1.140.x |
| gentoo / webmin | 1.430 | 1.430.x |
| gentoo / webmin | 1.280 | 1.280.x |
| gentoo / webmin | 1.300 | 1.300.x |
| gentoo / webmin | 1.290 | 1.290.x |
| gentoo / webmin | 1.240 | 1.240.x |
| gentoo / webmin | 1.440 | 1.440.x |
| gentoo / webmin | 1.170 | 1.170.x |
| gentoo / webmin | 1.580 | 1.580.x |
| gentoo / webmin | 1.420 | 1.420.x |
| gentoo / webmin | 1.180 | 1.180.x |
| gentoo / webmin | 1.310 | 1.310.x |
| gentoo / webmin | 1.530 | 1.530.x |
| gentoo / webmin | 1.570 | 1.570.x |
| gentoo / webmin | 1.520 | 1.520.x |
| gentoo / webmin | 1.550 | 1.550.x |