16974 matches found
CVE-2021-40347
The CVE-2021-40347 issue affects GNU Mailman Postorius (views/list.py) for versions before 1.3.5. An authenticated attacker can send a crafted POST request to unsubscribe any user from a mailing list and can reveal whether that address was subscribed. Remediation: upgrade Postorius to 1.3.5 or ne...
CVE-2021-38354
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
Cross site scripting
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
CVE-2021-38354
The issue is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin GNU-Mailman Integration (versions up to and including 1.0.6). The flaw is triggered via the gm_error parameter in the file path ~/includes/admin/mailing-lists-page.php, allowing an attacker to inject arbitrary we...
CVE-2021-38354 GNU-Mailman Integration <= 1.0.6 Reflected Cross-Site Scripting
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6...
WordPress Plugin Cross-Site Scripting Vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists i...
Debian DSA-4970-1 : postorius - security update
The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-4970 advisory. Kevin Israel discovered that Postorius, the administrative web frontend for Mailman 3, didn't validate whether a logged-in user owns the email address when...
GNU-Mailman Integration <= 1.0.6 - Reflected Cross-Site Scripting
The plugin is vulnerable to Reflected Cross-Site Scripting via the gmerror parameter found in the /includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts...
GNU Mailman Access Control Error Vulnerability
GNU Mailman is a free suite of software from the GNU community for managing e-mail discussions and e-mail lists. The software integrates with web projects to make it easy for users to manage email subscription accounts and provides built-in archiving, automatic forwarding processing, content...
WordPress GNU-Mailman Integration plugin <= 1.0.6 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by p7e4 in WordPress GNU-Mailman Integration plugin versions <= 1.0.6. Solution: This plugin has been closed as of September 7, 2021 and is not available for download. This closure is temporary, pending a full review...
PT-2021-22867 · Gnu +2 · Gnu Mailman Postorius +2
Name of the Vulnerable Software and Affected Versions: GNU Mailman Postorius versions prior to 1.3.5. Description: An issue was discovered in views/list.py in GNU Mailman Postorius. An attacker, logged into any account, can send a crafted POST request to unsubscribe any user from a mailing list,...
USN-5064-1: GNU cpio vulnerability
Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to crash, resulting in a denial of service, or possibly execute arbitrary code...
ROS-2-1267
2.1267 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
Ubuntu 18.04 LTS / 20.04 LTS : GNU cpio vulnerability (USN-5064-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5064-1 advisory. Maverick Chung and Qiaoyi Fang discovered that cpio incorrectly handled certain pattern files. A remote attacker could use this issue to cause cpio to...
ROS-2-439
2.439 Vulnerability in GNU C Library glibc 2.32 CVE-2016-10228,CVE-2020-10029. 1. Vulnerability Description: CVE-2016-10228 Looping in iconv utility, manifested when run with "-c" option, in case of incorrect multibyte data processing. CVE-2020-10029 Stack corruption when trigonometric functions...
ROS-2-2188
2.2188 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: Vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted archiv...
ROS-2-1189
2.1189 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-2-655
2.655 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...
ROS-2-462
2.462 Memory Leak in GNU Tar CVE-2021-20193 1. Vulnerability Description: The vulnerability allows a remote attacker to perform a DoS attack on a target system. The vulnerability exists due to a memory leak in the readheader function in list.c. A remote attacker could pass a specially crafted...