10 matches found
EUVD-2005-0203
Malware in sbrugna...
Fedora Core 3 : mailman-2.1.5-30.fc3 (2005-132)
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. The extent of the vulnerability depends on what version of Apache httpd you are running, and possibly how you have configured your web server. It is believed the vulnerability is not available...
Fedora Core 2 : mailman-2.1.5-8.fc2 (2005-131)
There is a critical security flaw in Mailman 2.1.5 which will allow attackers to read arbitrary files. The extent of the vulnerability depends on what version of Apache httpd you are running, and possibly how you have configured your web server. It is believed the vulnerability is not available...
CVE-2006-0052
The attachment scrubber Scrubber.py in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service mailing list delivery failure via a multipart MIME message with a single part that has two blank lines between the first boundary an...
CVE-2006-0052
Removed by vendor...
CVE-2005-3573
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service application crash...
FreeBSD : mailman -- generated passwords are poor quality (b3cd00f7-c0c5-452d-87bc-086c5635333e)
Florian Weimer wrote : Mailman 2.1.5 uses weak auto-generated passwords for new subscribers. These passwords are assigned when members subscribe without specifying their own password either by email or the web frontend. Knowledge of this password allows an attacker to gain access to the list...
CVE-2005-0080
The 55optionstraceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address...
CVE-2005-0080
The 55optionstraceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address...
CVE-2005-0202
Removed by vendor...