Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter.Referenceshttp://www.iss.net/security_center/static/8202.phphttp://www.securityfocus.com/bid/4105http://marc.info/?l=bugtraq&m=101371994219708&w=2http://www.add2it.com/scripts/mailman-free-history.shtml
