CVE-2011-0049

NUCLEI

Majordomo <20110131 - Path Traversal


Exploitation Summary

EIP tracks 2 public exploits for CVE-2011-0049. PoCs were published by Michael Brooks and Nikolas Sotiriu, including the Metasploit module auxiliary/scanner/http/majordomo2_directory_traversal. A Nuclei detection template is also available.

AI-analyzed exploit summary: The exploit demonstrates a directory traversal vulnerability in Majordomo2 via both email and HTTP interfaces, allowing unauthorized access to arbitrary files (e.g., /etc/passwd). The PoC includes a crafted HTTP request and email body to trigger the flaw.

Description

Directory traversal vulnerability in the _list_file_get function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the help command, as demonstrated using (1) a crafted email and (2) cgi-bin/mj_wwwusr in the web interface.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Michael Brooks · text · remote · multiple
https://www.exploit-db.com/exploits/16103

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Majordomo2 (20110121 and prior)
No auth needed
Prerequisites: Access to Majordomo2's HTTP or email interface
devstral-2 · analyzed Feb 18, 2026

metasploit WORKING POC
by Nikolas Sotiriu · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/majordomo2_directory_traversal.rb

This Metasploit module exploits a directory traversal vulnerability in Majordomo2's _list_file_get() function by sending crafted HTTP requests to retrieve arbitrary files from the server. It attempts to fetch the specified file (default: config.pl) using path traversal sequences and stores the retrieved content as loot.

Classification: Working PoC 100%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Majordomo2
No auth needed
Prerequisites: Access to the Majordomo2 CGI script (typically /cgi-bin/mj_wwwusr)
devstral-2 · analyzed Jun 05, 2026

Nuclei Templates (1)

Majordomo2 - SMTP/HTTP Directory Traversal
MEDIUM · by pikpikcu

References (13)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46127
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0288
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/363726
Exploit, URL Repurposed x_refsource_misc
https://sitewat.ch/en/Advisory/View/1
Exploit, Patch x_refsource_misc
https://bugzilla.mozilla.org/show_bug.cgi?id=628064
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43125
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65113
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1025024
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/516150/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/16103
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/8061
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/70762

Scores

EPSS 0.9539
EPSS Percentile 99.9%

Details

CWE: CWE-22
Status: published
Products (30)
mj2/majordomo_2 20110101
mj2/majordomo_2 20110102
mj2/majordomo_2 20110103
mj2/majordomo_2 20110104
mj2/majordomo_2 20110105
mj2/majordomo_2 20110106
mj2/majordomo_2 20110107
mj2/majordomo_2 20110108
mj2/majordomo_2 20110109
mj2/majordomo_2 20110110
... and 20 more
Published Feb 04, 2011
Tracked Since Feb 18, 2026