Majordomo 2 contains a directory traversal vulnerability in the _list_file_get()function, which may allow a remote, unauthenticated attacker to obtain sensitive information.
Majordomo 2 contains a directory traversal vulnerability in the _list_file_get()function (lib/Majordomo.pm) caused by an input validation error when handling files. An attacker can exploit this vulnerability via directory traversal specifiers sent in a specially crafted request to any of the application's interfaces (e.g. email or web).
Additional information regarding this vulnerability can be found in this Sitewatch Advisory.
A remote unauthenticated attacker could obtain sensitive information.
The vulnerability is reported in snapshots prior to 20110204.
This vulnerability was reported by Michael Brooks.
This document was written by Michael Orlando.
|Date First Published:||2011-02-04|
|Date Last Updated:||2011-03-28 12:27 UTC|