Endymion: >> Mailman Webmail Security Vulnerabilities
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
CVSS Score
5.0
EPSS Score
0.012
Published
2002-08-12
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
CVSS Score
10.0
EPSS Score
0.095
Published
2001-02-16
The default permissions for Endymion MailMan allow local users to read email or modify files.
CVSS Score
3.6
EPSS Score
0.001
Published
1999-12-02