Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mailman vulnerabilities and exploits
(subscribe to this query)
2.6
CVSSv2
CVE-2006-1712
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote malicious users to inject arbitrary web script or HTML via the action argument.
Gnu Mailman 2.1.7
7.5
CVSSv2
CVE-2002-0277
Add2it Mailman Free 1.73 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the list parameter.
Add2it Mailman Free
6.8
CVSSv2
CVE-2009-2164
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
Kjtechforce Mailman Beta1
2 EDB exploits
7.5
CVSSv2
CVE-2002-0855
Cross-site scripting vulnerability in Mailman prior to 2.0.12 allows remote malicious users to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Gnu Mailman 2.0.12
2 EDB exploits
7.2
CVSSv2
CVE-2000-0861
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
Gnu Mailman 1.1
4.3
CVSSv2
CVE-2003-0038
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote malicious users to inject script or HTML into web pages via the (1) email or (2) language parameters.
Gnu Mailman 2.1
2 EDB exploits
3.6
CVSSv2
CVE-1999-0850
The default permissions for Endymion MailMan allow local users to read email or modify files.
Endymion Mailman Webmail 3.0.18
7.2
CVSSv2
CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local malicious users to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed...
Suse Mailman
Opensuse Backports Sle 15.0
4
CVSSv2
CVE-2021-42096
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Gnu Mailman
Debian Debian Linux 10.0
8.5
CVSSv2
CVE-2021-42097
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for ...
Gnu Mailman
Debian Debian Linux 10.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »