8 matches found
WordPress plugin Blocksy 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
AlmaLinux 8 : mailman:2.1 (ALSA-2021:4826)
The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2021:4826 advisory. mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 mailman: CSRF token derived from admin password allows offli...
Security update for mailman (important)
openSUSE Security Update: Security update for mailman Announcement ID: openSUSE-SU-2021:1436-1 Rating: important References: 1047218 1191959 1191960 Cross-References: CVE-2021-42096 CVE-2021-42097 CVSS scores: CVE-2021-42096 SUSE: 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-42097...
CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin e.g., for account takeover...
CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...
CVE-2021-42096
Removed by vendor...
CVE-2021-42096
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrftoken value is derived from the admin password, and may be useful in conducting a brute-force attack against that password...
PT-2021-23524 · Unknown +8 · Gnu Mailman +8
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.35 Description: The issue allows remote Privilege Escalation. A csrf token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, an...