CVSS: 6.5EPSS: 2%CPEs: 1EXPL: 0CVE-2006-4624 – mailman logfile CRLF injection
https://notcve.org/view.php?id=CVE-2006-4624
07 Sep 2006 — CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI. Vulnerabilidad de inyección CRLF en Utils.py de Mailman anterior a 2.1.9rc1 permite a atacantes remotos suplantar mensajes en el log de errores y posiblemente engañar al administrador para que visite URLs maliciosas mediante secuencias CLRF en la URI. • http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 5%CPEs: 27EXPL: 0CVE-2006-0052
https://notcve.org/view.php?id=CVE-2006-0052
31 Mar 2006 — The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc •
CVSS: 7.5EPSS: 5%CPEs: 24EXPL: 0CVE-2005-3573
https://notcve.org/view.php?id=CVE-2005-3573
16 Nov 2005 — Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •
CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 0CVE-2004-1177
https://notcve.org/view.php?id=CVE-2004-1177
10 Jan 2005 — Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555 •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1143
https://notcve.org/view.php?id=CVE-2004-1143
31 Dec 2004 — The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796 •
CVSS: 7.5EPSS: 1%CPEs: 21EXPL: 0CVE-2003-0991
https://notcve.org/view.php?id=CVE-2003-0991
03 Mar 2004 — Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. Vulnerabilidad desconocida en el manejador de instrucciones por correo en Mailman anteriores a 2.0.14 permite a atacantes remotos causar una denegación de servicio (caída) mediante instrucciones de correo electrónico malformadas. • ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc •
CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2003-0965
https://notcve.org/view.php?id=CVE-2003-0965
15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Mailman anteriores a 2.1.4 permite a atacantes remotos robar cookies de sesión y llevar a cabo actividades no autorizadas. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2003-0992
https://notcve.org/view.php?id=CVE-2003-0992
15 Jan 2004 — Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el scritp de creación de CGI en Mailman anteriores a 2.1.3 permite a atacantes remotos robar cookies de otros usuarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •