Vulmon
mailman vulnerabilities and exploits
NA
CVE-2000-0861
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
Gnu Mailman 1.1
NA
CVE-2006-1712
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote malicious users to inject arbitrary web script or HTML via the action argument.
Gnu Mailman 2.1.7
NA
CVE-2009-2164
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
Kjtechforce Mailman Beta1
2 EDB exploits
NA
CVE-2002-0277
Add2it Mailman Free 1.73 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the list parameter.
Add2it Mailman Free
NA
CVE-2002-0855
Cross-site scripting vulnerability in Mailman prior to 2.0.12 allows remote malicious users to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Gnu Mailman 2.0.12
2 EDB exploits
NA
CVE-2002-0278
Directory traversal vulnerability in Add2it Mailman Free 1.73 and previous versions allows remote malicious users to modify arbitrary files via a .. (dot dot) in the list parameter.
Add2it Mailman Free
NA
CVE-1999-0850
The default permissions for Endymion MailMan allow local users to read email or modify files.
Endymion Mailman Webmail 3.0.18
7.8
CVSSv3
CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local malicious users to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed...
Suse Mailman
Opensuse Backports Sle 15.0
4.3
CVSSv3
CVE-2021-42096
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Gnu Mailman
Debian Debian Linux 10.0
8
CVSSv3
CVE-2021-42097
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for ...
Gnu Mailman
Debian Debian Linux 10.0