Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mailman vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2001-0290
Vulnerability in Mailman 2.0.1 and previous versions allows list administrators to obtain user passwords.
Gnu Mailman
NA
CVE-2001-1132
Mailman 2.0.x prior to 2.0.6 allows remote malicious users to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
Gnu Mailman
6.3
CVSSv3
CVE-2021-34337
An issue exists in Mailman Core prior to 3.3.5. An attacker with access to the REST API could use timing attacks to determine the value of the configured REST API password and then make arbitrary REST API calls. The REST API is bound to localhost by default, limiting the ability ...
Gnu Mailman
NA
CVE-2002-0388
Cross-site scripting vulnerabilities in Mailman prior to 2.0.11 allow remote malicious users to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
Gnu Mailman
1 EDB exploit
NA
CVE-2003-0965
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman prior to 2.1.4 allows remote malicious users to steal session cookies and conduct unauthorized activities.
Gnu Mailman
NA
CVE-2003-0992
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman prior to 2.1.3 allows remote malicious users to steal cookies of other users.
Gnu Mailman
NA
CVE-2006-2191
Format string vulnerability in Mailman prior to 2.1.9 allows malicious users to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.
Gnu Mailman
NA
CVE-2002-0389
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
Gnu Mailman
NA
CVE-2004-0182
Mailman prior to 2.0.13 allows remote malicious users to cause a denial of service (crash) via an email message with an empty subject field.
Gnu Mailman
NA
CVE-2003-0038
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote malicious users to inject script or HTML into web pages via the (1) email or (2) language parameters.
Gnu Mailman 2.1
2 EDB exploits
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
SSRF
buffer overflow
CVE-2023-28952
CVE-2023-41822
CVE-2024-27956
CVE-2023-7028
CVE-2024-34447
CVE-2024-34460
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »