Ubuntu 16.04 LTS / 20.04 LTS : Mailman vulnerability (USN-8067-1)
The remote Ubuntu 16.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8067-1 advisory. It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin...
EUVD-2000-0697
Malware in sbrugna...
EUVD-2001-1113
Malware in sbrugna...
EUVD-2001-0290
Malware in sbrugna...
EUVD-2003-0955
Malware in sbrugna...
EUVD-2003-0981
Malware in sbrugna...
EUVD-2004-1141
Malware in sbrugna...
EUVD-2005-4148
Malware in sbrugna...
EUVD-2006-2938
Malware in sbrugna...
EUVD-2006-0060
Malware in sbrugna...
EUVD-2018-1428
Malware in sbrugna...
EUVD-2022-1824
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make...
SUSE CVE-2004-1143
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack...
SUSE CVE-2005-0202
Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...
SUSE CVE-2006-3636
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
SUSE CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12 and openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally, arbitrary files could be changed to group mailman. This...
SUSE CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin, e.g., for account takeover...
mailman: CSRF token derived from admin password allows offline brute-force attack
Sensitive information is exposed to unprivileged users in mailman. The hash of the list admin password is used to derive the CSRF (Cross-site Request Forgery) token, which is exposed to unprivileged members of a list. Malicious members may use the CSRF token to perform an offline brute-force attack...