Vendor

Endymion

Products

CVEs

Across products

Status

Private

Products

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2001-0021	0.04	—	0.10	Feb 16, 2001	MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
CVE-2002-0417	0.00	—	0.01	Aug 12, 2002	Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
CVE-2002-0418	0.00	—	0.00	Aug 12, 2002	Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
CVE-1999-0850	0.00	—	0.00	Dec 2, 1999	The default permissions for Endymion MailMan allow local users to read email or modify files.

CVE-2001-0021Feb 16, 2001
risk 0.04cvss —epss 0.10
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
CVE-2002-0417Aug 12, 2002
risk 0.00cvss —epss 0.01
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
CVE-2002-0418Aug 12, 2002
risk 0.00cvss —epss 0.00
Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.
CVE-1999-0850Dec 2, 1999
risk 0.00cvss —epss 0.00
The default permissions for Endymion MailMan allow local users to read email or modify files.