Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mailman vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0277
Add2it Mailman Free 1.73 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the list parameter.
Add2it Mailman Free
NA
CVE-2002-0278
Directory traversal vulnerability in Add2it Mailman Free 1.73 and previous versions allows remote malicious users to modify arbitrary files via a .. (dot dot) in the list parameter.
Add2it Mailman Free
NA
CVE-2006-1712
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote malicious users to inject arbitrary web script or HTML via the action argument.
Gnu Mailman 2.1.7
NA
CVE-2003-0038
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote malicious users to inject script or HTML into web pages via the (1) email or (2) language parameters.
Gnu Mailman 2.1
2 EDB exploits
NA
CVE-2002-0855
Cross-site scripting vulnerability in Mailman prior to 2.0.12 allows remote malicious users to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Gnu Mailman 2.0.12
2 EDB exploits
NA
CVE-2009-2164
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
Kjtechforce Mailman Beta1
2 EDB exploits
NA
CVE-1999-0850
The default permissions for Endymion MailMan allow local users to read email or modify files.
Endymion Mailman Webmail 3.0.18
8.8
CVSSv3
CVE-2021-44227
In GNU Mailman prior to 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes.
Gnu Mailman
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local malicious users to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed...
Suse Mailman
Opensuse Backports Sle 15.0
6.1
CVSSv3
CVE-2021-43331
In GNU Mailman prior to 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Gnu Mailman
Debian Debian Linux 9.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »