| OVAL ID | Description |
| --- | --- |
| oval:org.secpod.oval:def:2101188 | Cross-site request forgery (CSRF) vulnerability in the admin web interface in GNU Mailman before 2.1.15 allows remote attackers to hijack the authentication of administrators. |
| oval:org.secpod.oval:def:89043828 | This update for mailman fixes the following security vulnerabilities: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports ... |
| oval:org.secpod.oval:def:89003471 | This update for mailman fixes the following issues: Security issue fixed: - CVE-2016-6893: Fixed a Cross-site request forgery vulnerability in the admin web interface. Following bug was fixed: - Allow CSRF check to pass in mailman web frontend if the list name contains a "+" |
| oval:org.secpod.oval:def:89003352 | This update for mailman fixes the following issues: - Fixed an XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user's browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports when using the re ... |
| oval:org.secpod.oval:def:89002028 | This update for mailman to version 2.1.15 fixes the following issues: - CVE-2016-6893: Prevent cross-site request forgery vulnerability in the user options page that allowed remote attackers to hijack the authentication of arbitrary users for requests that modify an option. - Various other hardeni ... |
| oval:org.secpod.oval:def:506617 | Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover * mailman: CSRF protection missing in the user options pag ... |
| oval:org.secpod.oval:def:1600862 | Cross-site scripting vulnerability in web UI: A cross-site scripting flaw was found in mailman. An attacker, able to trick the user into visiting a specific URL, can execute arbitrary web scripts on the user's side and force the victim to perform unintended actions. CSRF protection missing in t ... |
| oval:org.secpod.oval:def:602615 | It was discovered that there was a CSRF vulnerability in mailman, a web-based mailing list manager, which could allow an attacker to obtain a user's password. |
| oval:org.secpod.oval:def:37869 | mailman: Powerful, web-based mailing list manager. Several security issues were fixed in Mailman. |
| oval:org.secpod.oval:def:1505339 | [3:2.1.15-30.2] - Fix for CVE-2021-44227 - Resolves: #2026866 [3:2.1.15-30.1] - Fix for CVE-2016-6893 - Fix for CVE-2021-42097 - Resolves: #2024884, #2020688 |
| oval:org.secpod.oval:def:51658 | mailman: Powerful, web-based mailing list manager. Several security issues were fixed in Mailman. |
| oval:org.secpod.oval:def:703334 | mailman: Powerful, web-based mailing list manager. Several security issues were fixed in Mailman. |
| oval:org.secpod.oval:def:205921 | Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: CSRF token bypass allows to perform CSRF attacks and account takeover * mailman: CSRF token bypass allows to perform CSRF attacks and admin takeover * mailman: CSRF protection missing in the user options pag ... |
| oval:org.secpod.oval:def:1700795 | Cross-site request forgery vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account. A Cross-Site R ... |
| oval:org.secpod.oval:def:114144 | Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ... |