) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:gnu:mailman:2.1.2:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2006-3636 |
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Published: September 05, 2006; 8:04:00 PM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2006-0052 |
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. Published: March 31, 2006; 6:06:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2005-3573 |
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). Published: November 16, 2005; 2:42:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2005-0202 |
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. Published: May 02, 2005; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2004-1177 |
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. Published: January 10, 2005; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2004-1143 |
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. Published: December 31, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
| CVE-2004-0412 |
Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. Published: August 18, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
| CVE-2003-0965 |
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. Published: February 17, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
| CVE-2003-0992 |
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. Published: February 17, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
| CVE-2002-0389 |
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. Published: June 18, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
| CVE-2001-0884 |
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. Published: December 21, 2001; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.1 MEDIUM |