Archive for July, 2019:

CVE-2019-15642 – Authenticated RCE on Webmin <= 1.920

Rpc.cgi: After the XXE, we found another bug in Webmin. This time it’s rpc.cgi which is vulnerable. More precisely, a call to the “unserialise_variable” function is done before than...
Published on: Jul 31 2019
By: Loïc
CVE-2019-15641 – Authenticated XXE on Webmin <= 1.930

Description: From http://www.webmin.com: Webmin is a web-based interface for system administration for Unix. Using any modern web browser, you can set up user accounts, Apache, DNS, file sharing...
Published on: Jul 30 2019
By: Loïc
CVE-2019-13031 – XXE on LemonLDAP::NG < 2.0.5

Global presentation: As described on https://lemonldap-ng.org/start: LemonLDAP::NG is an open source Web Single Sign On (WebSSO), Access Management and Identity Federation product, written...
Published on: Jul 23 2019
By: Calypt