Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mailman
(Gnu)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 44 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2004-12-31 | CVE-2004-1143 | The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. | Mailman | N/A | ||
| 2004-08-18 | CVE-2004-0412 | Mailman before 2.1.5 allows remote attackers to obtain user passwords via a crafted email request to the Mailman server. | Mailman | N/A | ||
| 2004-06-01 | CVE-2004-0182 | Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. | Mailman | N/A | ||
| 2004-02-17 | CVE-2003-0992 | Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. | Mailman | N/A | ||
| 2004-03-03 | CVE-2003-0991 | Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands. | Mailman, Propack | N/A | ||
| 2004-02-17 | CVE-2003-0965 | Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. | Mailman | N/A | ||
| 2003-02-07 | CVE-2003-0038 | Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 allows remote attackers to inject script or HTML into web pages via the (1) email or (2) language parameters. | Mailman | N/A | ||
| 2002-09-05 | CVE-2002-0855 | Cross-site scripting vulnerability in Mailman before 2.0.12 allows remote attackers to execute script as other users via a subscriber's list subscription options in the (1) adminpw or (2) info parameters to the ml-name feature. | Mailman | N/A | ||
| 2002-06-18 | CVE-2002-0389 | Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives. | Mailman | N/A | ||
| 2002-06-18 | CVE-2002-0388 | Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. | Mailman | N/A |