CVE-2011-0063

Published: 15/03/2011 Updated: 10/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and previous versions allows remote malicious users to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

Vulnerable Product

mj2 majordomo 2 20110103

mj2 majordomo 2 20110104

mj2 majordomo 2 20110112

mj2 majordomo 2 20110111

mj2 majordomo 2 20110120

mj2 majordomo 2 20110119

mj2 majordomo 2 20110122

mj2 majordomo 2 20110125

mj2 majordomo 2 20110128

mj2 majordomo 2 20110101

mj2 majordomo 2 20110102

mj2 majordomo 2 20110110

mj2 majordomo 2 20110109

mj2 majordomo 2 20110118

mj2 majordomo 2 20110117

mj2 majordomo 2 20110129

mj2 majordomo 2 20110126

mj2 majordomo 2

mj2 majordomo 2 20110107

mj2 majordomo 2 20110108

mj2 majordomo 2 20110116

mj2 majordomo 2 20110115

mj2 majordomo 2 20110123

mj2 majordomo 2 20110130

mj2 majordomo 2 20110201

mj2 majordomo 2 20110202

mj2 majordomo 2 20110105

mj2 majordomo 2 20110106

mj2 majordomo 2 20110114

mj2 majordomo 2 20110113

mj2 majordomo 2 20110121

mj2 majordomo 2 20110124

mj2 majordomo 2 20110127

mj2 majordomo 2 20110131

Exploits

Original Advisory: sitewatch/en/Advisory/View/1
Credit: Michael Brooks (sitewatch)
Vulnerability: Directory Traversal
Software: Majordomo2
Identifier: CVE-2011-0049
Vendor: wwwmj2org/
Affected Build: 20110121 and prior
Google dork: inurl:mj_wwwusr
Special thanks to Dave Miller, Reed Loden and the rest of the Mozilla secu ...

Majordomo2 suffers from a directory traversal vulnerability in the help command. The parameter named extra is not properly sanitized. Versions 20110203 and below are affected ...