Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
Max CVSS
7.6
EPSS Score
3.06%
Published
2015-04-13
Updated
2016-12-24
Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.
Max CVSS
5.0
EPSS Score
0.85%
Published
2005-05-02
Updated
2017-10-11
2 vulnerabilities found