Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-02-04T00:00:00
Updated: 2024-08-06T21:43:13.960Z
Reserved: 2010-12-21T00:00:00
Link: CVE-2011-0049
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-02-04T01:00:07.400
Modified: 2024-02-14T01:17:43.863
Link: CVE-2011-0049
Redhat
No data.