CVE-2023-50917 – MajorDoMo Command Injection
https://notcve.org/view.php?id=CVE-2023-50917
MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated to the Majordomo mailing-list manager. MajorDoMo versions prior to 0662e5e suffer from an unauthenticated remote code execution vulnerability. • https://github.com/Chocapikk/CVE-2023-50917 http://packetstormsecurity.com/files/176273/MajorDoMo-Remote-Code-Execution.html http://packetstormsecurity.com/files/176669/MajorDoMo-Command-Injection.html http://seclists.org/fulldisclosure/2023/Dec/19 https://github.com/sergejey/majordomo/commit/0662e5ebfb133445ff6154b69c61019357092178 https://github.com/sergejey/majordomo/commit/3ec3ffb863ea3c2661ab27d398776c551f4daaac https://chocapikk.com/posts/2023/cve-2023-50917 https://github.com/sergejey/majordomo • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2010-0345
https://notcve.org/view.php?id=CVE-2010-0345
Cross-site scripting (XSS) vulnerability in the Majordomo extension 1.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-021 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2003-1367
https://notcve.org/view.php?id=CVE-2003-1367
The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command. • http://securityreason.com/securityalert/3235 http://www.securityfocus.com/archive/1/310113 http://www.securityfocus.com/bid/6761 https://exchange.xforce.ibmcloud.com/vulnerabilities/11243 • CWE-16: Configuration
CVE-2000-0035 – Great Circle Associates Majordomo 1.94.4 - Local resend
https://notcve.org/view.php?id=CVE-2000-0035
resend command in Majordomo allows local users to gain privileges via shell metacharacters. • https://www.exploit-db.com/exploits/19698 http://marc.info/?l=bugtraq&m=94780294009285&w=2 http://www.securityfocus.com/bid/902
CVE-1999-1220
https://notcve.org/view.php?id=CVE-1999-1220
Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header. • http://www.securityfocus.com/archive/1/7527 https://exchange.xforce.ibmcloud.com/vulnerabilities/502