Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2011-0049

Published: 04/02/2011 Updated: 14/02/2024
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 535
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Mj2

Vulnerability Summary

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 prior to 20110131 allows remote malicious users to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Vulnerable Product Search on Vulmon Subscribe to Product

mj2 majordomo 2 20110128

mj2 majordomo 2 20110113

mj2 majordomo 2

mj2 majordomo 2 20110124

mj2 majordomo 2 20110108

mj2 majordomo 2 20110127

mj2 majordomo 2 20110125

mj2 majordomo 2 20110117

mj2 majordomo 2 20110101

mj2 majordomo 2 20110116

mj2 majordomo 2 20110109

mj2 majordomo 2 20110115

mj2 majordomo 2 20110114

mj2 majordomo 2 20110123

mj2 majordomo 2 20110112

mj2 majordomo 2 20110103

mj2 majordomo 2 20110118

mj2 majordomo 2 20110121

mj2 majordomo 2 20110104

mj2 majordomo 2 20110129

mj2 majordomo 2 20110111

mj2 majordomo 2 20110126

mj2 majordomo 2 20110102

mj2 majordomo 2 20110105

mj2 majordomo 2 20110119

mj2 majordomo 2 20110122

mj2 majordomo 2 20110120

mj2 majordomo 2 20110106

mj2 majordomo 2 20110107

mj2 majordomo 2 20110110

Exploits

Exploit DB: Majordomo2 - 'SMTP/HTTP' Directory Traversal
Original Advisory: sitewatch/en/Advisory/View/1 Credit: Michael Brooks (sitewatch) Vulnerability: Directory Traversal Software: Majordomo2 Identifier:CVE-2011-0049 Vendor: wwwmj2org/ Affected Build: 20110121 and prior Google dork:inurl:mj_wwwusr Special thanks to Dave Miller, Reed Loden and the rest of the Mozilla secu ...
Exploit DB: Majordomo2 20110121 Directory Traversal
Majordomo2 versions 20110121 and below suffer from a directory traversal vulnerability ...

Nmap Scripts

http-majordomo2-dir-traversal

Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
|
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin
|
http-majordomo2-dir-traversal

Exploits a directory traversal vulnerability existing in Majordomo2 to retrieve remote files. (CVE-2011-0049).

nmap -p80 --script http-majordomo2-dir-traversal <host/ip>

PORT   STATE SERVICE
80/tcp open  http    syn-ack
| http-majordomo2-dir-traversal: /etc/passwd was found:
|
| root:x:0:0:root:/root:/bin/bash
| bin:x:1:1:bin:/bin:/sbin/nologin
|

References

CWE-22https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481http://secunia.com/advisories/43125https://sitewat.ch/en/Advisory/View/1https://bugzilla.mozilla.org/show_bug.cgi?id=628064http://www.securityfocus.com/bid/46127http://www.kb.cert.org/vuls/id/363726http://www.vupen.com/english/advisories/2011/0288http://www.securitytracker.com/id?1025024http://osvdb.org/70762http://securityreason.com/securityalert/8061http://www.exploit-db.com/exploits/16103https://exchange.xforce.ibmcloud.com/vulnerabilities/65113http://www.securityfocus.com/archive/1/516150/100/0/threadedhttps://nvd.nist.govhttps://www.exploit-db.com/exploits/16103/https://www.kb.cert.org/vuls/id/363726
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895blind SQL injectionCVE-2024-5064CVE-2023-52677CVE-2023-52682CVE-2024-30051CVE-2024-35849remote attackersremote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook