Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mailman
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 47 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2006-03-31 | CVE-2006-0052 | The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | Mailman | N/A | ||
| 2005-12-11 | CVE-2005-4153 | Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | Mailman | N/A | ||
| 2005-11-16 | CVE-2005-3573 | Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | Mailman | N/A | ||
| 2005-05-02 | CVE-2005-0202 | Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | Mailman | N/A | ||
| 2005-05-02 | CVE-2005-0080 | The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | Mailman, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1177 | Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. | Mailman | N/A | ||
| 2004-12-31 | CVE-2004-1143 | The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | Mailman | N/A | ||
| 2004-08-18 | CVE-2004-0412 | Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. | Mailman | N/A | ||
| 2004-06-01 | CVE-2004-0182 | Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | Mailman | N/A | ||
| 2004-02-17 | CVE-2003-0992 | Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. | Mailman | N/A |