7 results (0.004 seconds)

CVSS: 9.8EPSS: 72%CPEs: 1EXPL: 1

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. MajorDoMo (también conocido como Major Domestic Module) anterior a 0662e5e permite la ejecución de comandos a través de metacaracteres del shell thumb.php. NOTA: esto no está relacionado con el administrador de listas de correo de Majordomo. MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vulnerability. • https://github.com/Chocapikk/CVE-2023-50917 http://packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html http://packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html http://seclists.org/fulldisclosure/2023/Dec/19 https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178 https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac https://chocapikk.com/posts/2023/cve-2023-50917 https://github.com/sergejey/majordomo • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de ejecución de comandos en sitios cruzados en la extensión de TYPO3 "Majordomo" v1.1.3 y anteriores permite a atacantes remotos inyectar HTML o scripts web a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. • http://securityreason.com/securityalert/3235 http://www.securityfocus.com/archive/1/310113 http://www.securityfocus.com/bid/6761 https://exchange.xforce.ibmcloud.com/vulnerabilities/11243 • CWE-16: Configuration •

CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 2

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. • https://www.exploit-db.com/exploits/19699 https://www.exploit-db.com/exploits/19700 http://marc.info/?l=bugtraq&m=94780294009285&w=2 http://www.redhat.com/support/errata/RHSA-2000-005.html http://www.securityfocus.com/bid/903 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 1

resend command in Majordomo allows local users to gain privileges via shell metacharacters. • https://www.exploit-db.com/exploits/19698 http://marc.info/?l=bugtraq&m=94780294009285&w=2 http://www.securityfocus.com/bid/902 •