CVE-2005-4153
https://notcve.org/view.php?id=CVE-2005-4153
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. Mailman 2.1.4 a 2.1.6 permite a atacantes remotos causar una denegación de servicio mediante un mensaje que causa que el servidor "falle con un desbordamiento en datos de fecha incorrectos en un mensaje procesado", una vulnerabilidad diferente de CVE-2005-3572. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://secunia.com/advisories/18449 http://secunia.com/advisories/18456 http://secunia.com/advisories/18612 http://secunia.com/advisories/19167 http://secunia.com/advisories/19196 http://secunia.com/advisories/19532 http://www.debian.org/security/2006/dsa-955 http://www.osvdb.org/21723 http://www.redhat.com/support/errata/RHSA-2006-0204.html http://www.securityfocus.com/bid/16248 http://www.tru •
CVE-2005-3573
https://notcve.org/view.php?id=CVE-2005-3573
Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732 http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html http://mail.python.org/pipermail/mailman-users/2005-September/046523.html http://secunia.com/advisories/17511 http://secunia.com/advisories/17874 http://secunia.com/advisories/18456 http://secunia.com/advisories/18503 http://secunia.com/advisories/18612 http://secunia.com/advisories/ •
CVE-2005-0202
https://notcve.org/view.php?id=CVE-2005-0202
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html http://marc.info/?l=bugtraq&m=110805795122386&w=2 http://secunia.com/advisories/14211 http://securitytracker.com/id?1013145 http://www.debian.org/security/2005/dsa-674 http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:037 http://www.novell.com/linux/security •
CVE-2005-0080
https://notcve.org/view.php?id=CVE-2005-0080
The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839 http://marc.info/?l=bugtraq&m=110549296126351&w=2 http://qa.debian.org/bts-security.html •
CVE-2004-1177
https://notcve.org/view.php?id=CVE-2004-1177
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287555 http://marc.info/?l=bugtraq&m=110549296126351&w=2 http://secunia.com/advisories/13603 http://www.debian.org/security/2005/dsa-674 http://www.mandriva.com/security/advisories?name=MDKSA-2005:015 http://www.novell.com/linux/security/advisories/2005_07_mailman.html http://www.redhat.com/support/errata/RHSA-2005-235.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18854 https://oval.cisecurity.org/repository/search/ •