Vulnerabilities > GNU > Mailman
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-11-16 | CVE-2005-3573 | Denial Of Service vulnerability in GNU Mailman Attachment Scrubber UTF8 Filename Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). | 5.0 |
| 2005-05-02 | CVE-2005-0202 | Unspecified vulnerability in GNU Mailman Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. | 5.0 |
| 2005-05-02 | CVE-2005-0080 | Remote Security vulnerability in Ubuntu Linux The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | 5.0 |
| 2005-01-10 | CVE-2004-1177 | Unspecified vulnerability in GNU Mailman Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. network gnu | 4.3 |
| 2004-12-31 | CVE-2004-1143 | Unspecified vulnerability in GNU Mailman The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | 7.5 |
| 2004-08-18 | CVE-2004-0412 | Password Retrieval vulnerability in GNU Mailman Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. | 5.0 |
| 2004-06-01 | CVE-2004-0182 | Unspecified vulnerability in GNU Mailman Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | 5.0 |
| 2004-03-03 | CVE-2003-0991 | Remote Denial Of Service vulnerability in GNU Mailman Malformed Message Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. | 5.0 |
| 2004-02-17 | CVE-2003-0992 | Unspecified vulnerability in GNU Mailman Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. network gnu | 4.3 |
| 2004-02-17 | CVE-2003-0965 | Cross-Site Scripting vulnerability in GNU Mailman Admin Page Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. network gnu | 6.8 |