
CVSS: 9.8, EPSS: 72%, CPEs: 1, EXPL: 1

MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vulnerability. • https://github.com/Chocapikk/CVE-2023-50917 http://packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html http://packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html http://seclists.org/fulldisclosure/2023/Dec/19 https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178 https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac https://chocapikk.com/posts/2023/cve-2023-50917 https://github.com/sergejey/majordomo • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 7.8, EPSS: 0%, CPEs: 3, EXPL: 1

The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. • http://securityreason.com/securityalert/3235 http://www.securityfocus.com/archive/1/310113 http://www.securityfocus.com/bid/6761 https://exchange.xforce.ibmcloud.com/vulnerabilities/11243 • CWE-16: Configuration •

CVSS: 4.6, EPSS: 0%, CPEs: 1, EXPL: 1

The resend command in Majordomo allows local users to gain privileges via shell metacharacters. • https://www.exploit-db.com/exploits/19698 http://marc.info/?l=bugtraq&m=94780294009285&w=2 http://www.securityfocus.com/bid/902 •

CVSS: 7.5, EPSS: 1%, CPEs: 1, EXPL: 1

Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header. • http://www.securityfocus.com/archive/1/7527 https://exchange.xforce.ibmcloud.com/vulnerabilities/502 •

CVSS: 7.5, EPSS: 5%, CPEs: 2, EXPL: 1

A remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command. • https://www.exploit-db.com/exploits/20597 https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0207 •