Download
| Alert*
|
oval:org.secpod.oval:def:89043828
This update for mailman fixes the following security vulnerabilities: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user"s browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports ... oval:org.secpod.oval:def:89003352 This update for mailman fixes the following issues: - Fixed a XSS vulnerability and information leak in user options CGI, which could be used to execute arbitrary scripts in the user"s browser via specially encoded URLs - Fixed a directory traversal vulnerability in MTA transports when using the re ... oval:org.secpod.oval:def:503615 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages * mailman: Mishandled URLs in Utils.py:GetPathPieces allows attackers to display arbitrary text on trusted ... oval:org.secpod.oval:def:63492 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:1601162 Cross-site scripting vulnerability in Mailman 2.1.26 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a tru ... oval:org.secpod.oval:def:114837 Mailman is software to help manage email discussion lists, much like Majordomo and Smartmail. Unlike most similar products, Mailman gives each mailing list a webpage, and allows users to subscribe, unsubscribe, etc. over the Web. Even the list manager can administer his or her list entirely from the ... oval:org.secpod.oval:def:705455 mailman: Web-based mailing list manager Several security issues were fixed in Mailman. oval:org.secpod.oval:def:53370 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field. oval:org.secpod.oval:def:1504224 [3:2.1.15-30] - Resolves: #1599692 - Sanitize input on listinfo page [3:2.1.15-29] - Resolves: #1611689 - Trim long text in "no such list" messages [3:2.1.15-28] - Resolves: #1718180 - Try to decode member name first [3:2.1.15-27] - Related : #1545973 - Bump release to override rhel-7.4.z version oval:org.secpod.oval:def:603453 Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. discovered that mailman, a web-based mailing list manager, is prone to a cross-site scripting flaw allowing a malicious listowner to inject scripts into the listinfo page, due to not validated input in the host_name field. oval:org.secpod.oval:def:1700453 A cross-site scripting vulnerability has been discovered in mailman due to the host_name field not being properly validated. A malicious list owner could use this flaw to create a specially crafted list and inject client-side scripts. An issue was discovered in GNU Mailman before 2.1.28. A crafted ... oval:org.secpod.oval:def:205519 Mailman is a program used to help manage e-mail discussion lists. Security Fix: * mailman: Cross-site scripting vulnerability allows malicious listowners to inject scripts into listinfo pages * mailman: Mishandled URLs in Utils.py:GetPathPieces allows attackers to display arbitrary text on trusted ... |
