
CVE-2002-0855 – GNU Mailman 2.0.x - Admin Login Variant Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0855
14 Aug 2002 — Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. • https://www.exploit-db.com/exploits/21642 •

CVE-2002-0389 – mailman: Local users able to read private mailing list archives
https://notcve.org/view.php?id=CVE-2002-0389
18 Jun 2002 — Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. It was found that mailman stored private email messages in a world-readable directory. A local user could use this flaw to read private mailing list archives. Mailman is a program used to help manage e-mail discussion lists. It was found that mailman did not sanitize the list name before passing it to certain MTAs. • http://marc.info/?l=bugtraq&m=101902003314968&w=2 •

CVE-2002-0388 – GNU Mailman 2.0.x - Admin Login Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0388
31 May 2002 — Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. • https://www.exploit-db.com/exploits/21480 •

CVE-2001-0884
https://notcve.org/view.php?id=CVE-2001-0884
21 Dec 2001 — Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users. • http://www.redhat.com/support/errata/RHSA-2001-168.html •

CVE-2001-1132
https://notcve.org/view.php?id=CVE-2001-1132
05 Sep 2001 — Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420 •

CVE-2001-0290
https://notcve.org/view.php?id=CVE-2001-0290
03 May 2001 — Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. • http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html •

CVE-2000-0861
https://notcve.org/view.php?id=CVE-2000-0861
14 Nov 2000 — Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion. • http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html •

CVE-2000-0701
https://notcve.org/view.php?id=CVE-2000-0701
21 Sep 2000 — The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges. • http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html •