Description

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.

Remediation

References

CVE-2001-1132

Related Vulnerabilities

Artifactory CVE-2020-7931 Vulnerability (CVE-2020-7931)

Lighttpd Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2018-19052)

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-3947)

Piwigo Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2021-27973)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (2.0.14)

Severity

High

Classification

CVE-2001-1132

Tags

Missing Update Known Vulnerabilities