Gnu: >> Mailman Security Vulnerabilities
Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
CVSS Score
7.5
EPSS Score
0.031
Published
2002-06-18
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
CVSS Score
2.1
EPSS Score
0.002
Published
2002-06-18
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
CVSS Score
5.1
EPSS Score
0.007
Published
2001-12-21
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
CVSS Score
7.5
EPSS Score
0.009
Published
2001-09-05
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
CVSS Score
4.6
EPSS Score
0.001
Published
2001-05-03
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
CVSS Score
7.2
EPSS Score
0.0
Published
2000-11-14
The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.
CVSS Score
4.6
EPSS Score
0.001
Published
2000-10-20
Page 5