Vulmon
GNU Mailman vulnerabilities and exploits
5
CVSSv2
CVE-2005-0202
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and previous versions allows remote malicious users to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended ...
Gnu Mailman 2.1.4
Gnu Mailman 2.1.5
Gnu Mailman 2.1b1
Gnu Mailman 2.1.2
Gnu Mailman 2.1.3
Gnu Mailman 2.1
Gnu Mailman 2.1.1
5
CVSSv2
CVE-2004-0412
Mailman prior to 2.1.5 allows remote malicious users to obtain user passwords via a crafted email request to the Mailman server.
Gnu Mailman 2.1b1
Gnu Mailman 2.1.1
Gnu Mailman 2.1.2
Gnu Mailman 2.1
Gnu Mailman 2.1.3
Gnu Mailman 2.1.4
5.1
CVSSv2
CVE-2001-0884
Cross-site scripting vulnerability in Mailman email archiver prior to 2.08 allows malicious users to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
Gnu Mailman 7.0
Gnu Mailman 5.1
Gnu Mailman 6.0
Gnu Mailman
Gnu Mailman 5.0
7.8
CVSSv2
CVE-2005-4153
Mailman 2.1.4 up to and including 2.1.6 allows remote malicious users to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
Gnu Mailman 2.1.4
Gnu Mailman 2.1.5
Gnu Mailman 2.1.6
4.3
CVSSv2
CVE-2021-38354
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows malicious users to inject arbitrary web scripts, in versions up to and including 1.0.6.
Gnu-mailman Integration Project Gnu-mailman Integration
7.5
CVSSv2
CVE-2002-0388
Cross-site scripting vulnerabilities in Mailman prior to 2.0.11 allow remote malicious users to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
Gnu Mailman
1 EDB exploit
NA
CVE-2021-34337
An issue exists in Mailman Core prior to 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability ...
Gnu Mailman
2.6
CVSSv2
CVE-2006-4624
CRLF injection vulnerability in Utils.py in Mailman prior to 2.1.9rc1 allows remote malicious users to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
Gnu Mailman
4.3
CVSSv2
CVE-2003-0992
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman prior to 2.1.3 allows remote malicious users to steal cookies of other users.
Gnu Mailman
2.1
CVSSv2
CVE-2002-0389
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
Gnu Mailman