CVE-2011-0063

CVE information

Published: 13 years ago
Last Modified: 5 years ago
CVSSv2.0 Severity: Medium

Impact Analysis

Description

The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: Partial
Availability Impact: None
Integrity Impact: None

Products Affected

CPE Affected                                      Vulnerable  Excluding
cpe:2.3:a:mj2:majordomo_2:20110128:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110113:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:*:*:*:*:*:*:*:*         Yes         -
cpe:2.3:a:mj2:majordomo_2:20110124:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110108:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110127:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110131:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110125:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110117:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110101:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110116:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110109:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110115:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110201:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110114:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110123:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110112:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110103:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110118:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110121:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110104:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110129:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110111:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110126:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110130:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110102:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110105:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110119:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110122:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110120:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110106:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110202:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110107:*:*:*:*:*:*:*  Yes         -
cpe:2.3:a:mj2:majordomo_2:20110110:*:*:*:*:*:*:*  Yes         -