Mailman private.py true_path Function Traversal Arbitrary File Access
According to its version number, the remote installation of Mailman reportedly is affected by a directory traversal vulnerability in 'Cgi/private.py'. The flaw comes into play only on web servers that don't strip extraneous slashes from URLs, such as Apache 1.3.x, and allows a list subscriber,...