CVSS: 10.0EPSS: 85%CPEs: 1EXPL: 3CVE-2023-50917 – MajorDoMo Command Injection
https://notcve.org/view.php?id=CVE-2023-50917
15 Dec 2023 — MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. MajorDoMo (también conocido como Major Domestic Module) anterior a 0662e5e permite la ejecución de comandos a través de metacaracteres del shell thumb.php. NOTA: esto no está relacionado con el administrador de listas de correo de Majordomo. MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vuln... • https://packetstorm.news/files/id/176669 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.2EPSS: 0%CPEs: 3EXPL: 1CVE-2003-1367
https://notcve.org/view.php?id=CVE-2003-1367
31 Dec 2003 — The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. • http://securityreason.com/securityalert/3235 • CWE-16: Configuration •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2000-0037 – Majordomo 1.94.4/1.94.5 - Local -C Parameter
https://notcve.org/view.php?id=CVE-2000-0037
28 Dec 1999 — Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file. • https://www.exploit-db.com/exploits/19699 •