8 matches found
SLES9: Security update for mailman
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: mailman For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 5018754 within the SuS...
Gentoo Security Advisory GLSA 200501-29 (mailman)
The remote host is missing updates announced in advisory GLSA 200501-29. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Fedora Core 2 : mailman-2.1.5-10.fc2 (2005-241)
A cross-site scripting XSS flaw in the driver script of mailman prior to version 2.1.5 could allow remote attackers to execute scripts as other web users. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2004-1177 to this issue. Users of mailman should upda...
RHEL 4 : mailman (RHSA-2005:235)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2005:235 advisory. Mailman manages electronic mail discussion and e-newsletter lists. A cross-site scripting XSS flaw in the driver script of mailman prior to version...
CVE-2004-1177
CVE-2004-1177 is an XSS vulnerability in Mailman’s driver script (affecting mailman up to before 2.1.5) where an unescaped URL in an error page can inject arbitrary script/HTML. Public references (GHSA advisory and multiple OpenVAS/Debian/SUSE entries) confirm the issue and link to affected Mailm...
CVE-2004-1177
Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...
CVE-2004-1177
Removed by vendor...
CVE-2004-1177
Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...