Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gnu mailman vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2021-34337
An issue exists in Mailman Core prior to 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability ...
Gnu Mailman
383
VMScore
CVE-2018-13796
An issue exists in GNU Mailman prior to 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.
Gnu Mailman
668
VMScore
CVE-2006-2191
Format string vulnerability in Mailman prior to 2.1.9 allows malicious users to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.
Gnu Mailman
668
VMScore
CVE-2001-1132
Mailman 2.0.x prior to 2.0.6 allows remote malicious users to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Gnu Mailman
755
VMScore
CVE-2002-0388
Cross-site scripting vulnerabilities in Mailman prior to 2.0.11 allow remote malicious users to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
Gnu Mailman
1 EDB exploit
187
VMScore
CVE-2002-0389
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
Gnu Mailman
440
VMScore
CVE-2003-0038
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote malicious users to inject script or HTML into web pages via the (1) email or (2) language parameters.
Gnu Mailman 2.1
2 EDB exploits
760
VMScore
CVE-2002-0855
Cross-site scripting vulnerability in Mailman prior to 2.0.12 allows remote malicious users to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Gnu Mailman 2.0.12
2 EDB exploits
641
VMScore
CVE-2000-0861
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
Gnu Mailman 1.1
231
VMScore
CVE-2006-1712
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote malicious users to inject arbitrary web script or HTML via the action argument.
Gnu Mailman 2.1.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »