Mailman Security Vulnerabilities and Issues — Mailman CVE List

Lucene search

GnuMailman

6 matches found

CVE•added 2006/09/06 12:4 a.m.•70 views

CVE-2006-3636

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

6.8CVSS5.5AI score0.2227EPSS

CVE•added 2006/09/07 7:4 p.m.•62 views

CVE-2006-4624

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

2.6CVSS6.6AI score0.02388EPSS

CVE•added 2006/09/06 12:4 a.m.•52 views

CVE-2006-2941

Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".

5CVSS6.3AI score0.06125EPSS

CVE•added 2006/03/31 11:6 a.m.•51 views

CVE-2006-0052

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary ...

5CVSS6.2AI score0.06409EPSS

CVE•added 2006/09/19 9:7 p.m.•48 views

CVE-2006-2191

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.

7.5CVSS7.2AI score0.00537EPSS

CVE•added 2006/04/11 7:6 p.m.•42 views

CVE-2006-1712

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

2.6CVSS5.5AI score0.00558EPSS