Endymion » Mailman Webmail : Security Vulnerabilities, CVEs,
The default permissions for Endymion MailMan allow local users to read email or modify files.
Max CVSS
3.6
EPSS Score
0.04%
Published
1999-12-02
Updated
2008-09-09
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
Max CVSS
10.0
EPSS Score
8.24%
Published
2001-02-16
Updated
2017-10-10
Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.
Max CVSS
5.0
EPSS Score
1.44%
Published
2002-08-12
Updated
2008-09-05
3 vulnerabilities found