12 matches found
CVE-2016-10792
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives SEC-141...
EUVD-2002-0386
Malware in sbrugna...
EUVD-2012-2345
Malware in sbrugna...
RHEL 4 : mailman (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - mailman: Local users able to read private mailing list archives CVE-2002-0389 Note that Nessus has not tested for...
mailman: XSS via file attachments in list archives
GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed application/octet-stream MIME parts. This behavior may contribute to XSS attacks against list-archive visitors, because an HTTP reply from an archive web server may lack a MIME type, and a web browser may perform MIME sniffing,...
CVE-2016-10792
cPanel before 59.9999.145 allows code execution in the context of other accounts via mailman list archives SEC-141...
CVE-2016-10792
CVE-2016-10792 affects cPanel prior to 59.9999.145. The vulnerability allows code execution in the context of other accounts via mailman list archives (SEC-141). This is the explicit impact described in connected references. The provided documents do not specify the exact vulnerable component or ...
CVE-2012-2352
The archive management arcmanage page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the 1 doarcmanage, 2 doarcdownload, or 3 doarcdelete functions...
UBUNTU-CVE-2012-2352
The archive management arcmanage page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the 1 doarcmanage, 2 doarcdownload, or 3 doarcdelete functions...
CVE-2012-2352
The archive management arcmanage page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the 1 doarcmanage, 2 doarcdownload, or 3 doarcdelete functions...
Mailman < 2.1.6b1 Directory Traversal Vulnerability
Mailman is prone to a directory traversal vulnerability. SPDX-FileCopyrightText: 2005 George A. Theall Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gnu:mailman";...
ezmlm-cgi/ezmlm-idx-0.40 security advisory
Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....