CVE-2011-0049 Scanner
Detects 'Directory Traversal' vulnerability in Majordomo 2 affects v. before 20110131.
Short Info
Level
Medium
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
15 sec
Scan only one
Url
Parent Category
CVE-2011-0049 Scanner Detail
Majordomo 2 is a software widely used for managing electronic mailing lists. With Majordomo 2, a user can create, configure and administer email lists, allowing users to send messages to each other without having to send individual emails. This software is typically used in organizations that require communication among members, such as companies, academic institutions, and communities.
The CVE-2011-0049 vulnerability is a directory traversal flaw in the Majordomo 2 software. It occurs in the _list_file_get function in lib/Majordomo.pm. This vulnerability allows a remote attacker to gain access to files that they should not have access to, by using ".." sequences in the help command. This vulnerability can be exploited through a crafted email or through the web interface, more specifically through the cgi-bin/mj_wwwusr.
This vulnerability can lead to serious consequences if it is exploited. It could allow an attacker to read sensitive information stored on the system, such as passwords, confidential emails, and other personal information. Furthermore, an attacker could use the information obtained through this vulnerability to carry out more complex attacks, such as social engineering or spear-phishing.
Thanks to the advanced features of the securityforeveryone.com platform, those interested in learning about vulnerabilities in their digital assets can do so easily and quickly. The platform offers a comprehensive suite of tools, such as vulnerability scanning, penetration testing, and network monitoring, to help companies and individuals identify and fix security flaws in their systems. By using this platform, users can stay ahead of potential attackers and protect their digital assets effectively.
REFERENCES
- http://securityreason.com/securityalert/8061
- http://www.exploit-db.com/exploits/16103
- http://www.kb.cert.org/vuls/id/363726
- http://www.securityfocus.com/archive/1/516150/100/0/threaded
- http://www.securityfocus.com/bid/46127
- http://www.securitytracker.com/id?1025024
- http://www.vupen.com/english/advisories/2011/0288
- https://bug628064.bugzilla.mozilla.org/attachment.cgi?id=506481
- https://bugzilla.mozilla.org/show_bug.cgi?id=628064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
- https://sitewat.ch/en/Advisory/View/1
control security posture