CVE-2003-1367
https://notcve.org/view.php?id=CVE-2003-1367
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. • http://securityreason.com/securityalert/3235 http://www.securityfocus.com/archive/1/310113 http://www.securityfocus.com/bid/6761 https://exchange.xforce.ibmcloud.com/vulnerabilities/11243 • CWE-16: Configuration •
CVE-2000-0037 – Majordomo 1.94.4/1.94.5 - Local -C Parameter
https://notcve.org/view.php?id=CVE-2000-0037
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. • https://www.exploit-db.com/exploits/19699 https://www.exploit-db.com/exploits/19700 http://marc.info/?l=bugtraq&m=94780294009285&w=2 http://www.redhat.com/support/errata/RHSA-2000-005.html http://www.securityfocus.com/bid/903 •
CVE-2000-0035 – Great Circle Associates Majordomo 1.94.4 - Local resend
https://notcve.org/view.php?id=CVE-2000-0035
resend command in Majordomo allows local users to gain privileges via shell metacharacters. • https://www.exploit-db.com/exploits/19698 http://marc.info/?l=bugtraq&m=94780294009285&w=2 http://www.securityfocus.com/bid/902 •
CVE-1999-1220
https://notcve.org/view.php?id=CVE-1999-1220
Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header. • http://www.securityfocus.com/archive/1/7527 https://exchange.xforce.ibmcloud.com/vulnerabilities/502 •
CVE-1999-0207 – Majordomo 1.89/1.90 - 'lists' Command Execution
https://notcve.org/view.php?id=CVE-1999-0207
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. • https://www.exploit-db.com/exploits/20597 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0207 •