cvelistv5 - cve-2006-3636

CVE-2006-3636 (GCVE-0-2006-3636)

Vulnerability from cvelistv5

Published

2006-09-06 00:00

Modified

2024-08-07 18:39

Severity ?

CWE

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

URL

Tags

	http://www.vupen.com/english/advisories/2006/3446	vdb-entry, x_refsource_VUPEN
	http://www.debian.org/security/2006/dsa-1188	vendor-advisory, x_refsource_DEBIAN
	http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html	mailing-list, x_refsource_MLIST
	http://www.securityfocus.com/bid/19831	vdb-entry, x_refsource_BID
	http://secunia.com/advisories/22639	third-party-advisory, x_refsource_SECUNIA
	http://securitytracker.com/id?1016808	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/21879	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/bid/20021	vdb-entry, x_refsource_BID
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553	vdb-entry, signature, x_refsource_OVAL
	http://www.ubuntu.com/usn/usn-345-1	vendor-advisory, x_refsource_UBUNTU
	http://security.gentoo.org/glsa/glsa-200609-12.xml	vendor-advisory, x_refsource_GENTOO
	http://www.securityfocus.com/archive/1/445992/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/22227	third-party-advisory, x_refsource_SECUNIA
	http://www.novell.com/linux/security/advisories/2006_25_sr.html	vendor-advisory, x_refsource_SUSE
	http://www.mandriva.com/security/advisories?name=MDKSA-2006:165	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/21792	third-party-advisory, x_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2006-0600.html	vendor-advisory, x_refsource_REDHAT
	http://sourceforge.net/project/shownotes.php?group_id=103&release_id=444295	x_refsource_CONFIRM
	http://secunia.com/advisories/21732	third-party-advisory, x_refsource_SECUNIA
	http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt	x_refsource_MISC
	http://secunia.com/advisories/22011	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/22020	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/28731	vdb-entry, x_refsource_XF

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:39:53.576Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "ADV-2006-3446",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/3446"
          },
          {
            "name": "DSA-1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-1188"
          },
          {
            "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
          },
          {
            "name": "19831",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19831"
          },
          {
            "name": "22639",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22639"
          },
          {
            "name": "1016808",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1016808"
          },
          {
            "name": "21879",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21879"
          },
          {
            "name": "20021",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20021"
          },
          {
            "name": "oval:org.mitre.oval:def:10553",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553"
          },
          {
            "name": "USN-345-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-345-1"
          },
          {
            "name": "GLSA-200609-12",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
          },
          {
            "name": "20060913 Mailman 2.1.8 Multiple Security Issues",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
          },
          {
            "name": "22227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22227"
          },
          {
            "name": "SUSE-SR:2006:025",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
          },
          {
            "name": "MDKSA-2006:165",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
          },
          {
            "name": "21792",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21792"
          },
          {
            "name": "RHSA-2006:0600",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
          },
          {
            "name": "21732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21732"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
          },
          {
            "name": "22011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22011"
          },
          {
            "name": "22020",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22020"
          },
          {
            "name": "mailman-unspecified-xss(28731)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-09-04T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.9rc1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "ADV-2006-3446",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/3446"
        },
        {
          "name": "DSA-1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-1188"
        },
        {
          "name": "[Mailman-Announce] 20060913 RELEASED: Mailman 2.1.9",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail.python.org/pipermail/mailman-announce/2006-September/000087.html"
        },
        {
          "name": "19831",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19831"
        },
        {
          "name": "22639",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22639"
        },
        {
          "name": "1016808",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1016808"
        },
        {
          "name": "21879",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21879"
        },
        {
          "name": "20021",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20021"
        },
        {
          "name": "oval:org.mitre.oval:def:10553",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10553"
        },
        {
          "name": "USN-345-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-345-1"
        },
        {
          "name": "GLSA-200609-12",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200609-12.xml"
        },
        {
          "name": "20060913 Mailman 2.1.8 Multiple Security Issues",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445992/100/0/threaded"
        },
        {
          "name": "22227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22227"
        },
        {
          "name": "SUSE-SR:2006:025",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_25_sr.html"
        },
        {
          "name": "MDKSA-2006:165",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:165"
        },
        {
          "name": "21792",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21792"
        },
        {
          "name": "RHSA-2006:0600",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2006-0600.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=103\u0026release_id=444295"
        },
        {
          "name": "21732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21732"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://moritz-naumann.com/adv/0013/mailmanmulti/0013.txt"
        },
        {
          "name": "22011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22011"
        },
        {
          "name": "22020",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22020"
        },
        {
          "name": "mailman-unspecified-xss(28731)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28731"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-3636",
    "datePublished": "2006-09-06T00:00:00.000Z",
    "dateReserved": "2006-07-17T00:00:00.000Z",
    "dateUpdated": "2024-08-07T18:39:53.576Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-426

Vulnerability from certfr_avis

De multiples vulnérabilités dans Mailman permettent à un utilisateur distant d'injecter du code dans une ou plusieurs pages du site vulnérable ainsi que de modifier les journaux d'événements.

Description

Deux vulnérabilités sont présentes dans Mailman :

La première vulnérabilité est de type Injection de code indirecte (Cross Site Scripting). Elle peut être exploitée par une personne mal intentionnée afin d'injecter du code dans une ou plusieurs pages du site vulnérable.
La seconde vulnérabilité concerne la fonction Utils.py. Elle permet à un utilisateur distant d'injecter des messages arbitraires dans les journaux d'événements.

Solution

La version 2.1.9 de Mailman corrige les vulnérabilités. Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Mailman version 2.1.9rc1 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted