11 matches found
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2020-37002 Ajenti 2.1.36 Authenticated Remote Code Execution
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
CVE-2020-37002
CVE-2020-37002 — Ajenti 2.1.36: An authentication bypass vulnerability exists in the web admin panel that allows remote attackers, after successful login, to execute arbitrary commands via the "/api/terminal/create" endpoint. The impact is described as command execution with potential reverse sh...
CVE-2020-37002
Ajenti 2.1.36 contains a post-authenticated remote command execution vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
PT-2026-5278
Ajenti 2.1.36 contains an authentication bypass vulnerability that allows remote attackers to execute arbitrary commands after successful login. Attackers can leverage the /api/terminal/create endpoint to send a netcat reverse shell payload targeting a specified IP and port...
OESA-2021-1444 mailman security update
Mailman is free software for managing electronic mail discussion and e-newsletter lists. Mailman is integrated with the web, making it easy for users to manage their accounts and for list owners to administer their lists. Mailman supports built-in archiving, automatic bounce processing, content...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
UBUNTU-CVE-2021-43331
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS...
PT-2021-5365 · Unknown +4 · Gnu Mailman +4
Name of the Vulnerable Software and Affected Versions: GNU Mailman versions prior to 2.1.36. Description: The issue is related to insufficient restriction of authentication attempts in GNU Mailman, allowing a remote attacker to bypass authentication by guessing the administrator's password using a...
GNU Mailman cross-site scripting vulnerability
GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software can be integrated with Web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, conte...