
 Red Hat: Updated mailman packages fix a security issue
 by Patrick Lenz, in Security - Sun, Nov 18th 2007 13:20 UTC

Mailman is a program used to help manage email discussion lists. A flaw was found in Mailman. A remote attacker could spoof messages in the error log, and possibly trick the administrator into visiting malicious URLs via a carriage return/line feed sequence in the URI. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mailman packages fix several problems
 by Patrick Lenz, in Security - Sun, Oct 8th 2006 06:12 UTC

Several security related problems have been discovered in mailman, the web-based GNU mailing list manager. Moritz Naumann discovered several cross-site scripting problems that could allow remote attackers to inject arbitrary web script or HTML. Moritz Naumann discovered that a remote attacker can inject arbitrary strings into the logfile. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated mailman packages fix security issues
 by Patrick Lenz, in Security - Fri, Sep 8th 2006 05:44 UTC

Mailman is a program used to help manage email discussion lists. A flaw was found in the way Mailman handled MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which caused that particular mailing list to stop working. Several cross-site scripting (XSS) issues were found in Mailman. An attacker could exploit these issues to perform cross-site scripting attacks against the Mailman administrator. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: An updated mailman package fixes a denial of service flaw
 by Patrick Lenz, in Security - Sat, Jun 10th 2006 03:34 UTC

Mailman is software to help manage email discussion lists. A flaw was found in the way Mailman handles MIME multipart messages. An attacker could send a carefully crafted MIME multipart email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mailman packages fix denial of service
 by Patrick Lenz, in Security - Thu, Apr 6th 2006 04:30 UTC

A potential denial of service problem has been discovered in mailman, the web-based GNU mailing list manager. The (failing) parsing of messages with malformed MIME multiparts sometimes caused the whole mailing list to become inoperative. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated mailman package fixes two security issues
 by Patrick Lenz, in Security - Tue, Mar 7th 2006 23:27 UTC

Mailman is software to help manage email discussion lists. A flaw in the handling of UTF8 character encodings was found in Mailman. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause that particular mailing list to stop working. A flaw in date handling was found in Mailman versions 2.1.4 through 2.1.6. An attacker could send a carefully crafted email message to a mailing list run by Mailman which would cause the Mailman server to crash. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mailman packages fix denial of service
 by Patrick Lenz, in Security - Wed, Jan 25th 2006 03:56 UTC

Two denial of service bugs were found in the mailman list server. In one, attachment filenames containing UTF8 strings were not properly parsed, which could cause the server to crash. In another, a message containing a bad date string could cause a server crash. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated mailman packages fix cross-site scripting flaw
 by Patrick Lenz, in Security - Mon, Mar 21st 2005 11:15 UTC

Mailman manages electronic mail discussion and e-newsletter lists. A cross-site scripting (XSS) flaw in the driver script of mailman prior to version 2.1.5 could allow remote attackers to execute scripts as other web users. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 SuSE: New mailman packages fix remote file disclosure
 by Patrick Lenz, in Security - Mon, Feb 14th 2005 04:03 UTC

Mailman is a flexible mailing list management tool. It provides mail controlled subscription front ends and also includes CGI scripts to handle subscription, moderation and archive retrieval and other options. Due to incomplete input validation the "private" CGI script which handles archive retrieval could be used to read any file on the system, including the configuration database of the mailman lists which include passwords in plain text. A remote attacker just needs a valid account on one mailing list managed by this mailman instance. Fixed packages are available from ftp.suse.com.

Links: ftp.suse.com



 Red Hat: Updated mailman packages fix security vulnerability
 by Patrick Lenz, in Security - Thu, Feb 10th 2005 06:40 UTC

The mailman package is software to help manage email discussion lists. A flaw in the true_path function of Mailman was discovered. A remote attacker who is a member of a private mailman list could use a carefully crafted URL and gain access to arbitrary files on the server. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mailman packages fix several vulnerabilities
 by Patrick Lenz, in Security - Thu, Feb 10th 2005 05:43 UTC

Two security-related problems have been discovered in mailman, the web-based GNU mailing list manager. Florian Weimer discovered a cross-site scripting vulnerability in mailman's automatically generated error messages. An attacker could craft a URL containing JavaScript (or other content embedded into HTML) which triggered a mailman error page that would include the malicious code verbatim. Several listmasters have noticed unauthorised access to archives of private lists and the list configuration itself, including the users' passwords. Administrators are advised to check the webserver logfiles for requests that contain "/...../" and the path to the archives or configuration. This seems to affect only installations running on web servers that do not strip slashes, such as Apache 1.3. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated mailman packages close cross-site scripting vulnerabilities
 by Patrick Lenz, in Security - Mon, Feb 9th 2004 11:47 UTC

Mailman is a mailing list manager. Dirk Mueller discovered a cross-site scripting bug in the admin interface in versions of Mailman 2.1 before 2.1.4. A cross-site scripting bug in the 'create' CGI script affects versions of Mailman 2.1 before 2.1.3. Updated packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mailman packages fix several vulnerabilities
 by Patrick Lenz, in Security - Sun, Feb 8th 2004 23:32 UTC

Several vulnerabilities have been fixed in the mailman package. A potential cross-site scripting vulnerability via certain CGI parameters (not known to be exploitable in this version) and a cross-site scripting vulnerability in the administrative interface have been fixed. Also, certain malformed email commands could cause the mailman process to crash. Fixed packages are available from security.debian.org.

Links: security.debian.org



 Red Hat: Updated mailman packages close cross-site scripting vulnerability
 by Patrick Lenz, in Security - Wed, Aug 28th 2002 12:34 UTC

Mailman versions prior to 2.0.12 contain a cross-site scripting vulnerability in the processing of invalid requests to edit a subscriber's list subscription options. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: New mailman packages fix cross-site scripting problem
 by Patrick Lenz, in Security - Fri, Aug 9th 2002 07:43 UTC

A cross-site scripting vulnerability was discovered in mailman, software to manage electronic mailing lists. When a properly crafted URL is accessed with Internet Explorer (other browsers don't seem to be affected), the resulting webpage is rendered similarly to the real one, but the JavaScript component is executed as well, which could be used by an attacker to get access to sensitive information. Fixed packages can be obtained from security.debian.org.

Links: security.debian.org



 Red Hat: Updated mailman packages available
 by Patrick Lenz, in Security - Tue, Jun 11th 2002 02:38 UTC

Updated mailman packages are now available for Red Hat Linux 7.2 and 7.3. These updates resolve a cross-site scripting vulnerability present in versions of Mailman prior to 2.0.11.



 Red Hat: Updated Mailman packages available
 by Patrick Lenz, in Security - Sat, Dec 22nd 2001 05:56 UTC

A server running Mailman versions prior to 2.0.8 will send certain user-modifiable data to clients without escaping embedded tags. This data may contain scripts which will then be executed by an unwary client, possibly transmitting private information to a third party. Fixed packages are available from updates.redhat.com.

Links: updates.redhat.com



 Debian: mailman cross-site scripting problem
 by Patrick Lenz, in Security - Sun, Dec 16th 2001 03:29 UTC

Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. Fixed packages are available from security.debian.org.

Links: security.debian.org




