8748 matches found
CVE-2005-4794
Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager SESM allows remote attackers to cause a denial of service crash or instability via a compressed DNS packet with a label length byte with an incorrect offset...
Mailman Password Retrieval
The target is running version of the Mailman mailing list software that allows a list subscriber to retrieve the mailman password of any other subscriber by means of a specially crafted mail message to the server. That is, a message sent to $listname-request@$target containing the lines : passwor...
Mailman private.py true_path Function Traversal Arbitrary File Access
According to its version number, the remote installation of Mailman reportedly is affected by a directory traversal vulnerability in 'Cgi/private.py'. The flaw comes into play only on web servers that don't strip extraneous slashes from URLs, such as Apache 1.3.x, and allows a list subscriber,...
mailman -- generated passwords are poor quality
Florian Weimer wrote: Mailman 2.1.5 uses weak auto-generated passwords for new subscribers. These passwords are assigned when members subscribe without specifying their own password either by email or the web frontend. Knowledge of this password allows an attacker to gain access to the list archi...
security flaw
Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed GTP MSISDN string...
Important: Red Hat Security Advisory: : Updated mailman packages close cross-site scripting vulnerability
Updated mailman packages are now available for Red Hat Power Tools 7 and 7.1. These updates close a cross-site scripting vulnerability present in mailman versions prior to version 2.0.12. Mailman versions prior to 2.0.12 contain a cross-site scripting vulnerability in the processing of invalid...
CVE-2002-0855
Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the 1 adminpw or 2 info parameters to the ml-name feature...
webtv-insecurities.txt
Date: Mon, 12 Oct 1998 21:32:49 -0600 MDT From: mea culpa To: InfoSec News Subject: ISN Web TV owns your cache Forwarded From: Jon http://www.usatoday.com/life/cyber/zd/zd7.htm 10/12/98- WebTV is watching you From: Inter@ctive Week Online Microsoft Corp.'s WebTV Networks Inc. is quietly using a...