13 matches found
CVE-2026-27176
MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is rendered directly into the HTML page without sanitization via htmlspecialchars, both in an input field value attribute and in a paragraph element. An attacker can...
CVE-2026-27175
CVE-2026-27175: MajorDoMo is vulnerable to unauthenticated OS command injection via rc/index.php. The user input parameter is interpolated into a command string inside double quotes without sanitization, and the command is inserted into a queue by safe_exec() and later executed by the web-access...
MajorDoMo Security Vulnerability
MajorDoMo is an open-source DIY smart home automation platform developed by the MajorDoMo community. There is a security vulnerability in MajorDoMo. This vulnerability stems from the saverestore module, which exposes its admin method through the /objects/?module=saverestore endpoint without...
CVE-2003-1367
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command...
CVE-2000-0037
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file...
Majordomo 1.94.4/1.94.5 - Local -C Parameter (1)
source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of several other scripts when run with the setuid ro...
Majordomo 1.94.4/1.94.5 - Local -C Parameter (1)
Majordomo 1.94.4/1.94.5 - Local -C Parameter (1) source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of...
Majordomo 1.94.4/1.94.5 - Local -C Parameter (2)
// source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of several other scripts when run with the setuid...
Great Circle Associates Majordomo 1.94.4 - Local resend
Great Circle Associates Majordomo 1.94.4 - Local resend source: https://www.securityfocus.com/bid/902/info It is possible to execute arbitrary commands with elevated privileges through exploiting the majordomo binary, "resend". A setuid root wrapper program calls resend after setuiding and...
Great Circle Associates Majordomo 1.94.4 - Local resend
source: https://www.securityfocus.com/bid/902/info It is possible to execute arbitrary commands with elevated privileges through exploiting the majordomo binary, "resend". A setuid root wrapper program calls resend after setuiding and setgiding to lowered but still elevated privileges which it ru...
CVE-1999-1220
Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header...
CVE-1999-0207
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command...
Majordomo 1.89/1.90 - lists Command Execution
Majordomo 1.89/1.90 - lists Command Execution source: https://www.securityfocus.com/bid/2310/info Majordomo is a perl-based Internet e-mail list server. Versions prior to 1.91 are vulnerable to an attack whereby specially crafted e-mail headers are incorrectly processed, yielding the ability to...