CVSS: 6.8EPSS: 22%CPEs: 12EXPL: 1CVE-2006-3636 – Mailman 2.1.x - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-3636
06 Sep 2006 — Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Mailman anterior a 2.1.9rc1 permite a un atacante remoto inyectar secuencias de comandos web o HTML a través de vectores no especificados. • https://www.exploit-db.com/exploits/28570 •
CVSS: 7.5EPSS: 6%CPEs: 12EXPL: 0CVE-2006-2941
https://notcve.org/view.php?id=CVE-2006-2941
06 Sep 2006 — Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers". Mailman anterior a 2.1.9rc1 permite a un atacante remoto provocar denegación de servicio a través de vectores no especificados que envuelven "cabeceras formadas de estándar-rotos RFC 2231". • http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html •
CVSS: 7.5EPSS: 6%CPEs: 27EXPL: 0CVE-2006-0052
https://notcve.org/view.php?id=CVE-2006-0052
31 Mar 2006 — The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc •
CVSS: 7.5EPSS: 2%CPEs: 7EXPL: 0CVE-2005-0202
https://notcve.org/view.php?id=CVE-2005-0202
09 Feb 2005 — Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html •
CVSS: 6.1EPSS: 1%CPEs: 25EXPL: 0CVE-2004-1177
https://notcve.org/view.php?id=CVE-2004-1177
10 Jan 2005 — Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555 •
CVSS: 9.8EPSS: 0%CPEs: 25EXPL: 0CVE-2004-1143
https://notcve.org/view.php?id=CVE-2004-1143
31 Dec 2004 — The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796 •
CVSS: 7.5EPSS: 2%CPEs: 6EXPL: 0CVE-2004-0412
https://notcve.org/view.php?id=CVE-2004-0412
03 Jun 2004 — Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. Mailman anteriores a 2.1.5 permiten a atacantes remotos obtener contraseñas de usuario mediante peticiones de correo electronico especialmente elaboradas. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 •