Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-4896

Multiple directory traversal vulnerabilities in the mlmmj-php-admin web interface for Mailing List Managing Made Joyful (mlmmj) 1.2.15 through 1.2.17 allow remote authenticated users to overwrite, create, or delete arbitrary files, or determine the existence of arbitrary directories, via a .. (dot dot) in a list name in a (1) edit or (2) save action.

Related bugs and status

CVE-2009-4896 (Candidate) is related to these bugs:

Bug #607100: Sync mlmmj 1.2.17-1.1 (universe) from Debian unstable (main)

Summary				In	Importance	Status
	607100	Sync mlmmj 1.2.17-1.1 (universe) from Debian unstable (main)		mlmmj (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.debian.org/...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://www.openwall.co...
MISC: http://bugs.gentoo.org...
MISC: http://mlmmj.org/node/84
MISC: https://bugzilla.redha...