
10 matches found

Tenable Nessus
added 2026/01/20 12:0 a.m., 4 views

MiracleLinux 7 : mailman-2.1.15-30.el7 (AXSA:2020-4558:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2020-4558:01 advisory. mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages CVE-2018-0618 mailman: Mishandled URLs...

CVSS 6.5 | AI score 5.7 | EPSS 0.02541
Exploits 0 | References 3
Tenable Nessus
added 2026/01/14 12:0 a.m., 4 views

MiracleLinux 4 : mailman-2.1.12-14.AXS4.2 (AXSA:2011-73:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-73:01 advisory. Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing...

CVSS 4.3 | AI score 6.9 | EPSS 0.04248
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2006-4612

Malware in sbrugna...

CVSS 2.6 | AI score 6.1 | EPSS 0.02754
Exploits 0 | References 26
GithubExploit
added 2025/04/20 3:35 p.m., 285 views

Exploit for OS Command Injection in Gnu Mailman

CVE-2025-43920: Command Injection via Email Subject in GNU Mai...

CVSS 8.1 | AI score 9.1 | EPSS 0.00493
Exploits 2
BDU FSTEC
added 2021/10/05 12:0 a.m., 4 views

Vulnerability in the software that provides a web interface for accessing GNU Mailman v3 archives and interacting with Hyperkitty lists, allowing an attacker to gain access to confidential data.

The vulnerability of the software that provides a web interface for accessing GNU Mailman v3 archives and interacting with Hyperkitty lists is related to an error during the import of private distribution list archives, which later became publicly accessible. Exploiting this vulnerability could...

CVSS 7.5 | AI score 7.2 | EPSS 0.01846
Exploits 1 | References 5 | Affected Software 2
RedHat Linux
added 2005/02/15 9:55 a.m., 6 views

security flaw

Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...

CVSS 5 | AI score 6 | EPSS 0.02856
Exploits 0 | References 4
FreeBSD
added 2004/12/15 12:0 a.m., 35 views

mailman -- generated passwords are poor quality

Florian Weimer wrote: Mailman 2.1.5 uses weak auto-generated passwords for new subscribers. These passwords are assigned when members subscribe without specifying their own password either by email or the web frontend. Knowledge of this password allows an attacker to gain access to the list archi...

CVSS 7.5 | AI score 2.9 | EPSS 0.01616
Exploits 0 | References 2
securityvulns
added 2004/06/09 12:0 a.m., 36 views

[Full-Disclosure] [ GLSA 200406-04 ] Mailman: Member password disclosure vulnerability

Gentoo Linux Security Advisory GLSA 200406-04, http://security.gentoo.org/ Severity:...

CVSS 5 | AI score 6 | EPSS 0.02984
Exploits 0
NVD
added 2004/02/17 5:0 a.m., 20 views

CVE-2003-0965

Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities...

CVSS 6.8 | AI score 5.6 | EPSS 0.01997
Exploits 0 | References 10
NVD
added 2000/11/14 5:0 a.m., 21 views

CVE-2000-0861

Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %listname macro expansion...

CVSS 7.2 | AI score 7.5 | EPSS 0.00675
Exploits 1 | References 4