Great Circle Associates: >> Majordomo Security Vulnerabilities
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.
CVSS Score
7.8
EPSS Score
0.003
Published
2003-12-31
resend command in Majordomo allows local users to gain privileges via shell metacharacters.
CVSS Score
4.6
EPSS Score
0.001
Published
1999-12-28
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.
CVSS Score
4.6
EPSS Score
0.001
Published
1999-12-28
Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.
CVSS Score
7.5
EPSS Score
0.016
Published
1997-08-24
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.
CVSS Score
7.5
EPSS Score
0.061
Published
1994-06-09