Unrated severityNVD Advisory· Published Mar 15, 2011· Updated Apr 29, 2026

CVE-2011-0063

Description

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sotiriu.de/adv/NSOADV-2011-003.txtnvdExploit
bugzilla.mozilla.org/show_bug.cginvdExploitPatch
secunia.com/advisories/43631nvdVendor Advisory
securityreason.com/securityalert/8133nvd
www.securityfocus.com/archive/1/516923/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/66011nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.072
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000