Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.

MajorCool mj_key_cache program allows local users to modify files via a symlink attack.

Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.