Webmin (CVE-2019-15107) - Zero Day Remote Exploit
We have been made aware of a remote exploit in Webmin 1.920 (latest) that would allow users to run arbitrary commands.
The function that is being exploited is related to the user password change that appears to be enabled by default. It is recommended that you disable that function and also temporarily disable password_change.cgi at the file system level until a patch has been released.
Please monitor the change log for updates:
At the time of writing this, no patch has been issued to our knowledge!
source : RACK911 Labs security mail
My list of reliable providers :
Ramnode : HostHatch : Dediserve : Serverica : CloudCone : OnePoundWebHosting : Vultr : Lunanode : Few more under testing!