Directory traversal vulnerability in Endymion MailMan prior to 3.1 allows remote malicious users to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
endymion mailman webmail 3.0 |
||
endymion mailman webmail 3.0.1 |
||
endymion mailman webmail 3.0.10 |
||
endymion mailman webmail 3.0.23 |
||
endymion mailman webmail 3.0.24 |
||
endymion mailman webmail 3.0.26 |
||
endymion mailman webmail 3.0.27 |
||
endymion mailman webmail 3.0.15 |
||
endymion mailman webmail 3.0.16 |
||
endymion mailman webmail 3.0.18 |
||
endymion mailman webmail 3.0.19 |
||
endymion mailman webmail 3.0.33 |
||
endymion mailman webmail 3.0.34 |
||
endymion mailman webmail 3.0.35 |
||
endymion mailman webmail 3.0.4 |
||
endymion mailman webmail 3.0.12 |
||
endymion mailman webmail 3.0.14 |
||
endymion mailman webmail 3.0.2 |
||
endymion mailman webmail 3.0.21 |
||
endymion mailman webmail 3.0.29 |
||
endymion mailman webmail 3.0.31 |
||
endymion mailman webmail 3.0.7 |
||
endymion mailman webmail 3.0.11 |
||
endymion mailman webmail 3.0.13 |
||
endymion mailman webmail 3.0.20 |
||
endymion mailman webmail 3.0.22 |
||
endymion mailman webmail 3.0.28 |
||
endymion mailman webmail 3.0.30 |
||
endymion mailman webmail 3.0.32 |
||
endymion mailman webmail 3.0.6 |
||
endymion mailman webmail 3.0.8 |
Vulmon