CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 0CVE-2004-1177
https://notcve.org/view.php?id=CVE-2004-1177
10 Jan 2005 — Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555 •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1143
https://notcve.org/view.php?id=CVE-2004-1143
31 Dec 2004 — The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2004-0182
https://notcve.org/view.php?id=CVE-2004-0182
17 Apr 2004 — Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. • ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2003-0991
https://notcve.org/view.php?id=CVE-2003-0991
03 Mar 2004 — Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. Vulnerabilidad desconocida en el manejador de instrucciones por correo en Mailman anteriores a 2.0.14 permite a atacantes remotos causar una denegación de servicio (caída) mediante instrucciones de correo electrónico malformadas. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2003-0965
https://notcve.org/view.php?id=CVE-2003-0965
15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mailman anteriores a 2.1.4 permite a atacantes remotos robar cookies de sesión y llevar a cabo actividades no autorizadas. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0992
https://notcve.org/view.php?id=CVE-2003-0992
15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el scritp de creación de CGI en Mailman anteriores a 2.1.3 permite a atacantes remotos robar cookies de otros usuarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2002-0388 – GNU Mailman 2.0.x - Admin Login Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0388
31 May 2002 — Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. • https://www.exploit-db.com/exploits/21480 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1132
https://notcve.org/view.php?id=CVE-2001-1132
05 Sep 2001 — Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0290
https://notcve.org/view.php?id=CVE-2001-0290
03 May 2001 — Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html •