79 matches found
Ubuntu 16.04 LTS / 20.04 LTS : Mailman vulnerability (USN-8067-1)
The remote Ubuntu 16.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8067-1 advisory. It was discovered that Mailman incorrectly handled CSRF tokens. A remote list member or moderator could possibly use their own token to craft an admin...
EUVD-2000-0697
Malware in sbrugna...
EUVD-2001-1113
Malware in sbrugna...
EUVD-2001-0290
Malware in sbrugna...
EUVD-2004-1141
Malware in sbrugna...
EUVD-2006-2938
Malware in sbrugna...
EUVD-2005-4148
Malware in sbrugna...
EUVD-2006-0060
Malware in sbrugna...
EUVD-2018-1428
Malware in sbrugna...
EUVD-2003-0955
Malware in sbrugna...
EUVD-2003-0981
Malware in sbrugna...
EUVD-2022-1824
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-44227
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request using that token to set a new admin password or make...
SUSE CVE-2004-1143
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack...
SUSE CVE-2005-0202
Directory traversal vulnerability in the truepath function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences...
SUSE CVE-2006-3636
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
SUSE CVE-2016-6893
Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account...
SUSE CVE-2019-3693
A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This...
SUSE CVE-2021-42097
GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrftoken value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover)...
The vulnerability in the GNU Mailman email distribution management package lies in its insufficient verification of the HTTP request source, which allows attackers to carry out attacks by forging cross-site requests.
The vulnerability of the GNU Mailman email distribution management package lies in insufficient validation of the HTTP request source. Exploiting this vulnerability could allow a malicious actor to trick the victim into visiting a specially crafted web page and performing arbitrary actions on...