VYPR

Majordomo

by Great Circle Associates

CVEs (7)

  • CVE-2011-0049Feb 4, 2011
    risk 0.11cvss epss 0.95

    Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr…

  • CVE-2011-0063Mar 15, 2011
    risk 0.10cvss epss 0.85

    The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to…

  • CVE-1999-0207Jun 9, 1994
    risk 0.04cvss epss 0.09

    Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.

  • CVE-2000-0035Dec 28, 1999
    risk 0.03cvss epss 0.01

    resend command in Majordomo allows local users to gain privileges via shell metacharacters.

  • CVE-2000-0037Dec 28, 1999
    risk 0.03cvss epss 0.01

    Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

  • CVE-2003-1367Dec 31, 2003
    risk 0.00cvss epss 0.02

    The which_access variable for Majordomo 2.0 through 1.94.4, and possibly earlier versions, is set to "open" by default, which allows remote attackers to identify the email addresses of members of mailing lists via a "which" command.

  • CVE-1999-1220Aug 24, 1997
    risk 0.00cvss epss 0.02

    Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.