MidnightBSD

Advisories for endymion

CVE-1999-0850 LOW

The default permissions for Endymion MailMan allow local users to read email or modify files.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
endymion mailman_webmail 3.0.18
CVE-2001-0021 HIGH

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
endymion mailman_webmail 3.0.16
endymion mailman_webmail 3.0.1
endymion mailman_webmail 3.0.20
endymion mailman_webmail 3.0.25
endymion mailman_webmail 3.0.14
endymion mailman_webmail 3.0.13
endymion mailman_webmail 3.0.24
endymion mailman_webmail 3.0.23
endymion mailman_webmail 3.0
endymion mailman_webmail 3.0.12
endymion mailman_webmail 3.0.21
endymion mailman_webmail 3.0.11
endymion mailman_webmail 3.0.19
endymion mailman_webmail 3.0.22
endymion mailman_webmail 3.0.18
endymion mailman_webmail 3.0.10
endymion mailman_webmail 3.0.15
CVE-2002-0417 MEDIUM

Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the ALTERNATE_TEMPLATES parameter for various mmstdo*.cgi programs.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
endymion mailman_webmail 3.0.16
endymion mailman_webmail 3.0.20
endymion mailman_webmail 3.0.14
endymion mailman_webmail 3.0.13
endymion mailman_webmail 3.0.24
endymion mailman_webmail 3.0.23
endymion mailman_webmail 3.0.12
endymion mailman_webmail 3.0.21
endymion mailman_webmail 3.0.6
endymion mailman_webmail 3.0.33
endymion mailman_webmail 3.0.11
endymion mailman_webmail 3.0.19
endymion mailman_webmail 3.0.22
endymion mailman_webmail 3.0.29
endymion mailman_webmail 3.0.7
endymion mailman_webmail 3.0.10
endymion mailman_webmail 3.0.34
endymion mailman_webmail 3.0.4
endymion mailman_webmail 3.0.15
endymion mailman_webmail 3.0.28
endymion mailman_webmail 3.0.8
endymion mailman_webmail 3.0.30
endymion mailman_webmail 3.0.32
endymion mailman_webmail 3.0.1
endymion mailman_webmail 3.0.35
endymion mailman_webmail 3.0.26
endymion mailman_webmail 3.0
endymion mailman_webmail 3.0.2
endymion mailman_webmail 3.0.18
endymion mailman_webmail 3.0.31
endymion mailman_webmail 3.0.27
CVE-2002-0418 MEDIUM

Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) and a null character in the param_name parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
endymion sake_mail 1.0.30
endymion sake_mail 1.0.23
endymion sake_mail 1.0.35
endymion sake_mail 1.0.26
endymion sake_mail 1.0.27
endymion sake_mail 1.0.31
endymion sake_mail 1.0.20
endymion sake_mail 1.0.29
endymion sake_mail 1.0.33
endymion sake_mail 1.0.34
endymion sake_mail 1.0.21
endymion sake_mail 1.0.24
endymion sake_mail 1.0.22
endymion sake_mail 1.0.28
endymion sake_mail 1.0.36