CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 0CVE-2006-0052
https://notcve.org/view.php?id=CVE-2006-0052
31 Mar 2006 — The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc •
CVSS: 7.5EPSS: 5%CPEs: 24EXPL: 0CVE-2005-3573
https://notcve.org/view.php?id=CVE-2005-3573
16 Nov 2005 — Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •
CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 0CVE-2004-1177
https://notcve.org/view.php?id=CVE-2004-1177
10 Jan 2005 — Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555 •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1143
https://notcve.org/view.php?id=CVE-2004-1143
31 Dec 2004 — The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0182
https://notcve.org/view.php?id=CVE-2004-0182
17 Apr 2004 — Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. • ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2003-0991
https://notcve.org/view.php?id=CVE-2003-0991
03 Mar 2004 — Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. Vulnerabilidad desconocida en el manejador de instrucciones por correo en Mailman anteriores a 2.0.14 permite a atacantes remotos causar una denegación de servicio (caída) mediante instrucciones de correo electrónico malformadas. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2003-0965
https://notcve.org/view.php?id=CVE-2003-0965
15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mailman anteriores a 2.1.4 permite a atacantes remotos robar cookies de sesión y llevar a cabo actividades no autorizadas. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0992
https://notcve.org/view.php?id=CVE-2003-0992
15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el scritp de creación de CGI en Mailman anteriores a 2.1.3 permite a atacantes remotos robar cookies de otros usuarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2002-0388 – GNU Mailman 2.0.x - Admin Login Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0388
31 May 2002 — Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. • https://www.exploit-db.com/exploits/21480 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1132
https://notcve.org/view.php?id=CVE-2001-1132
05 Sep 2001 — Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420 •