CVE-2011-0063
published 2011-03-15


Priority: P353 · medium 5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 85.45% (99.7th percentile)
The _list_file_get function in lib/Majordomo.pm in Majordomo 2 20110203 and earlier allows remote attackers to conduct directory traversal attacks and read arbitrary files via a ./.../ sequence in the "extra" parameter to the help command, which causes the regular expression to produce .. (dot dot) sequences. NOTE: this vulnerability is due to an incomplete fix for CVE-2011-0049.

Affected

34 ranges· showing 25
VendorProductVersion rangeFixed in
mj2majordomo_2<= 20110203
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2
mj2majordomo_2

Detection & IOCs (extracted from sources)

url: http://bugzilla.org/cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=./..././..././..././..././..././..././..././.../etc/passwd
url: /cgi-bin/mj_wwwusr?passw=&list=GLOBAL&user=&func=help&extra=/../../../../../../../../etc/passwd
path: /cgi-bin/mj_wwwusr
path: lib/Majordomo.pm