8 matches found
Uber: It's possible to view configuration and/or source code on uchat.awscorp.uberinternal.com without
Summary Configuration file and/or source code information leakage without Uber OneLogin SSO authentication. Security Impact Misconfiguration on the server results in information leakage without authentication. Reproduction Steps...
Fedora Core 2 : mailman-2.1.5-8.fc2 (2005-131)
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. The extent of the vulnerability depends on what version of Apache httpd you are running, and possibly how you have configured your web server. It is believed the vulnerability is not available...
Fedora Core 3 : mailman-2.1.5-30.fc3 (2005-132)
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. The extent of the vulnerability depends on what version of Apache httpd you are running, and possibly how you have configured your web server. It is believed the vulnerability is not available...
Gentoo Security Advisory GLSA 200502-11 (mailman)
The remote host is missing updates announced in advisory GLSA 200502-11. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
FreeBSD Ports: mailman, ja-mailman
The remote host is missing an update to the system as announced in the referenced advisory. VID c7ccc33f-7d31-11d9-a9e7-0001020eed82 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
RHEL 4 : mailman (RHSA-2005:137)
The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2005:137 advisory. Mailman is software to help manage email discussion lists. A flaw in the truepath function of Mailman was discovered. A remote attacker who is a membe...
Mandrake Linux Security Advisory : mailman (MDKSA-2005:037)
A vulnerability was discovered in Mailman, which allows a remote directory traversal exploit using URLs of the form '.../....///' to access private Mailman configuration data. The vulnerability lies in the Mailman/Cgi/private.py file. Updated packages correct this issue. %NASLMINLEVEL 70300 C...
CVE-2005-0202
CVE-2005-0202 concerns a directory-traversal in Mailman 2.1.5 and earlier, arising from an insufficient cleanse of "../" and "../" sequences in the true_path function of private.py. The flaw allows remote attackers to read arbitrary files by crafting URLs like ".../....///". The issue is caused b...