Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mailman vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2002-0277
Add2it Mailman Free 1.73 and previous versions allows remote malicious users to execute arbitrary commands via shell metacharacters in the list parameter.
Add2it Mailman Free
668
VMScore
CVE-2002-0278
Directory traversal vulnerability in Add2it Mailman Free 1.73 and previous versions allows remote malicious users to modify arbitrary files via a .. (dot dot) in the list parameter.
Add2it Mailman Free
231
VMScore
CVE-2006-1712
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote malicious users to inject arbitrary web script or HTML via the action argument.
Gnu Mailman 2.1.7
440
VMScore
CVE-2003-0038
Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote malicious users to inject script or HTML into web pages via the (1) email or (2) language parameters.
Gnu Mailman 2.1
2 EDB exploits
641
VMScore
CVE-2000-0861
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
Gnu Mailman 1.1
760
VMScore
CVE-2002-0855
Cross-site scripting vulnerability in Mailman prior to 2.0.12 allows remote malicious users to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature.
Gnu Mailman 2.0.12
2 EDB exploits
320
VMScore
CVE-1999-0850
The default permissions for Endymion MailMan allow local users to read email or modify files.
Endymion Mailman Webmail 3.0.18
383
VMScore
CVE-2021-43331
In GNU Mailman prior to 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
Gnu Mailman
Debian Debian Linux 9.0
356
VMScore
CVE-2021-43332
In GNU Mailman prior to 2.1.36, the CSRF token for the Cgi/admindb.py admindb page contains an encrypted version of the list admin password. This could potentially be cracked by a moderator via an offline brute-force attack.
Gnu Mailman
Debian Debian Linux 9.0
356
VMScore
CVE-2021-42096
GNU Mailman prior to 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password.
Gnu Mailman
Debian Debian Linux 10.0
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-17519
open redirect
CVE-2024-21683
cache poisoning
CVE-2021-47524
CVE-2021-47521
CVE-2024-5229
CVE-2021-47560
local
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »