Vulnerabilities > GNU > Mailman > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-02 | CVE-2021-44227 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products In GNU Mailman before 2.1.38, a list member or moderator can get a CSRF token and craft an admin request (using that token) to set a new admin password or make other changes. | 8.8 |
2021-10-21 | CVE-2021-42097 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products GNU Mailman before 2.1.35 may allow remote Privilege Escalation. | 8.0 |
2015-04-13 | CVE-2015-2775 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. | 7.6 |
2005-12-11 | CVE-2005-4153 | Denial Of Service vulnerability in GNU Mailman 2.1.4/2.1.5/2.1.6 Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | 7.8 |
2004-12-31 | CVE-2004-1143 | Unspecified vulnerability in GNU Mailman The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | 7.5 |
2002-09-05 | CVE-2002-0855 | Cross-Site Scripting vulnerability in GNU Mailman 2.0.12 Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | 7.5 |
2002-06-18 | CVE-2002-0388 | HTML Injection vulnerability in GNU Mailman Pipermail Index Summary Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | 7.5 |
2001-09-05 | CVE-2001-1132 | Unspecified vulnerability in GNU Mailman Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. | 7.5 |
2000-11-14 | CVE-2000-0861 | Unspecified vulnerability in GNU Mailman 1.1 Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. | 7.2 |