Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mailman
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-05-02 | CVE-2005-0202 | Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | Mailman | N/A | ||
| 2005-05-02 | CVE-2005-0080 | The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | Mailman, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1177 | Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. | Mailman | N/A | ||
| 2004-12-31 | CVE-2004-1143 | The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | Mailman | N/A | ||
| 2004-08-18 | CVE-2004-0412 | Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. | Mailman | N/A | ||
| 2004-06-01 | CVE-2004-0182 | Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | Mailman | N/A | ||
| 2004-02-17 | CVE-2003-0992 | Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. | Mailman | N/A | ||
| 2004-03-03 | CVE-2003-0991 | Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. | Mailman, Propack | N/A | ||
| 2004-02-17 | CVE-2003-0965 | Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. | Mailman | N/A | ||
| 2003-02-07 | CVE-2003-0038 | Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | Mailman | N/A |