Mailman@2.1.5 Security Vulnerabilities and Issues — Mailman@2.1.5 CVE List

Lucene search

GnuMailman2.1.5

4 matches found

CVE•added 2005/05/02 4:0 a.m.•63 views

CVE-2005-0202

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

5CVSS9.3AI score0.02731EPSS

CVE•added 2005/12/11 2:3 a.m.•60 views

CVE-2005-4153

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.

7.8CVSS6.2AI score0.08698EPSS

CVE•added 2005/11/16 7:42 a.m.•59 views

CVE-2005-3573

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash).

5CVSS6.2AI score0.05745EPSS

CVE•added 2005/05/02 4:0 a.m.•52 views

CVE-2005-0080

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

5CVSS6.6AI score0.00391EPSS