Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sympa sympa vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-46900
Sympa prior to 6.2.62 relies on a cookie parameter for certain security objectives, but does not ensure that this parameter exists and has an unpredictable value. Specifically, the cookie parameter is both a salt for stored passwords and an XSS protection mechanism.
Sympa Sympa
3.7
CVSSv3
CVE-2020-29668
Sympa prior to 6.2.59b.2 allows remote malicious users to obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
Sympa Sympa 6.2.59
Sympa Sympa
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Debian Debian Linux 9.0
Debian Debian Linux 10.0
4.3
CVSSv3
CVE-2020-26932
debian/sympa.postinst for the Debian Sympa package prior to 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
Sympa Sympa
Debian Debian Linux 10.0
7.8
CVSSv3
CVE-2020-26880
Sympa up to and including 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Sympa Sympa 6.2.57
Sympa Sympa
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
7.8
CVSSv3
CVE-2020-10936
Sympa prior to 6.2.56 allows privilege escalation.
Sympa Sympa
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 14.04
7.5
CVSSv3
CVE-2020-9369
Sympa 6.2.38 up to and including 6.2.52 allows remote malicious users to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Sympa Sympa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
6.1
CVSSv3
CVE-2018-1000671
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack a...
Sympa Sympa
Debian Debian Linux 8.0
9.8
CVSSv3
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/PO...
Sympa Sympa
Debian Debian Linux 8.0
NA
CVE-2015-1306
The newsletter posting area in the web interface in Sympa 6.0.x prior to 6.0.10 and 6.1.x prior to 6.1.24 allows remote malicious users to read arbitrary files via unspecified vectors.
Sympa Sympa 6.0.3
Sympa Sympa 6.0.5
Sympa Sympa 6.1.7
Sympa Sympa 6.1.5
Sympa Sympa 6.1.0
Sympa Sympa 6.1.11
Sympa Sympa 6.1.13
Sympa Sympa 6.1.18
Sympa Sympa 6.1.20
Sympa Sympa 6.0.4
Sympa Sympa 6.0.6
Sympa Sympa 6.1.8
Sympa Sympa 6.1.6
Sympa Sympa 6.1.10
Sympa Sympa 6.1.12
Sympa Sympa 6.1.19
Sympa Sympa 6.1.21
Sympa Sympa 6.0.0
Sympa Sympa 6.0.1
Sympa Sympa 6.0.2
Sympa Sympa 6.1.4
Sympa Sympa 6.1.3
NA
CVE-2012-2352
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa prior to 6.1.11 does not check permissions, which allows remote malicious users to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3)...
Sympa Sympa 6.1.6
Sympa Sympa 6.1.5
Sympa Sympa 6.0.4
Sympa Sympa 6.1b.4
Sympa Sympa 6.0
Sympa Sympa 6.0b.4
Sympa Sympa 5.4
Sympa Sympa 5.4b.1
Sympa Sympa 5.3b.1
Sympa Sympa 5.3a.10
Sympa Sympa 5.1
Sympa Sympa 5.0
Sympa Sympa 4.1
Sympa Sympa 4.0.b3
Sympa Sympa 4.0.b2
Sympa Sympa 4.0.a4
Sympa Sympa 4.0.a3
Sympa Sympa 3.3.6b.2
Sympa Sympa 3.3.6b.1
Sympa Sympa 3.3.4b.3
Sympa Sympa 3.3.3
Sympa Sympa 3.2
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middle
CVE-2024-34558
CVE-2024-32674
CVE-2024-34351
XPath injection
CVE-2023-45866
CVE-2024-25528
CVE-2024-25517
path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »