Page 6 of 43 results (0.008 seconds)

CVSS: 5.0EPSS: 12%CPEs: 27EXPL: 0

The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. • ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=358892 http://secunia.com/advisories/19522 http://secunia.com/advisories/19545 http://secunia.com/advisories/19571 http://secunia.com/advisories/20624 http://secunia.com/advisories/20782 http://securitytracker.com/id?1015851 http://www.debian.org/security/2006/dsa-1027 http://www.mandriva.com/security/advisories?name=MDKSA-2006:061 http://www.novell.c •

CVSS: 7.8EPSS: 81%CPEs: 3EXPL: 0

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. Mailman 2.1.4 a 2.1.6 permite a atacantes remotos causar una denegación de servicio mediante un mensaje que causa que el servidor "falle con un desbordamiento en datos de fecha incorrectos en un mensaje procesado", una vulnerabilidad diferente de CVE-2005-3572. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://secunia.com/advisories/18449 http://secunia.com/advisories/18456 http://secunia.com/advisories/18612 http://secunia.com/advisories/19167 http://secunia.com/advisories/19196 http://secunia.com/advisories/19532 http://www.debian.org/security/2006/dsa-955 http://www.osvdb.org/21723 http://www.redhat.com/support/errata/RHSA-2006-0204.html http://www.securityfocus.com/bid/16248 http://www.tru •

CVSS: 5.0EPSS: 89%CPEs: 24EXPL: 0

Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732 http://lists.suse.com/archive/suse-security-announce/2006-Jan/0003.html http://mail.python.org/pipermail/mailman-users/2005-September/046523.html http://secunia.com/advisories/17511 http://secunia.com/advisories/17874 http://secunia.com/advisories/18456 http://secunia.com/advisories/18503 http://secunia.com/advisories/18612 http://secunia.com/advisories/ •

CVSS: 5.0EPSS: 0%CPEs: 7EXPL: 0

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences. • http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html http://marc.info/?l=bugtraq&m=110805795122386&w=2 http://secunia.com/advisories/14211 http://securitytracker.com/id?1013145 http://www.debian.org/security/2005/dsa-674 http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:037 http://www.novell.com/linux/security&# •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839 http://marc.info/?l=bugtraq&m=110549296126351&w=2 http://qa.debian.org/bts-security.html •