exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 2 of 2 RSS Feed

CVE-2016-6893

Status Candidate

Overview

Cross-site request forgery (CSRF) vulnerability in the user options page in GNU Mailman 2.1.x before 2.1.23 allows remote attackers to hijack the authentication of arbitrary users for requests that modify an option, as demonstrated by gaining access to the credentials of a victim's account.

Related Files

Red Hat Security Advisory 2021-4913-04
Posted Dec 3, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-4913-04 - Mailman is a program used to help manage e-mail discussion lists. Issues addressed include bypass and cross site request forgery vulnerabilities.

tags | advisory, vulnerability, csrf
systems | linux, redhat
advisories | CVE-2016-6893, CVE-2021-42097, CVE-2021-44227
SHA-256 | c0b2367bca6b9519cbf4eef54ab3a7cc8eece40d1140a7de1f14b7331fe671bd
Ubuntu Security Notice USN-3118-1
Posted Nov 1, 2016
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3118-1 - It was discovered that the Mailman administrative web interface did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could perform administrative actions. This issue only affected Ubuntu 12.04 LTS. Nishant Agarwala discovered that the Mailman user options page did not protect against cross-site request forgery attacks. If an authenticated user were tricked into visiting a malicious website while logged into Mailman, a remote attacker could modify user options. Various other issues were also addressed.

tags | advisory, remote, web, csrf
systems | linux, ubuntu
advisories | CVE-2016-6893, CVE-2016-7123
SHA-256 | 86d40e7046763552f68f7f4ae496da340a76291e0d1557f6f720fe8ac4909166
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close