Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sympa sympa vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/PO...
Sympa Sympa
Debian Debian Linux 8.0
7.5
CVSSv2
CVE-2012-2352
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa prior to 6.1.11 does not check permissions, which allows remote malicious users to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3)...
Sympa Sympa 3.2.2a
Sympa Sympa 6.0.6
Sympa Sympa 3.3b.4
Sympa Sympa 3.3.3
Sympa Sympa 2.7b.2
Sympa Sympa 1.2.0
Sympa Sympa 2.2b
Sympa Sympa 2.2.3b
Sympa Sympa 2.2.5
Sympa Sympa 0.005
Sympa Sympa 0.007
Sympa Sympa 2.2.2b
Sympa Sympa 5.3
Sympa Sympa 2.3.2
Sympa Sympa 3.1
Sympa Sympa 3.0a
Sympa Sympa 5.0b
Sympa Sympa 4.2b.3
Sympa Sympa 1.4.0
Sympa Sympa 5.0a
Sympa Sympa 2.5.1
Sympa Sympa 5.3a.10
7.2
CVSSv2
CVE-2020-26880
Sympa up to and including 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Sympa Sympa 6.2.57
Sympa Sympa
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
7.2
CVSSv2
CVE-2020-10936
Sympa prior to 6.2.56 allows privilege escalation.
Sympa Sympa
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 14.04
6.9
CVSSv2
CVE-2008-4476
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.
Sympa Sympa 5.3.4
5.8
CVSSv2
CVE-2018-1000671
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack a...
Sympa Sympa
Debian Debian Linux 8.0
5
CVSSv2
CVE-2020-9369
Sympa 6.2.38 up to and including 6.2.52 allows remote malicious users to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Sympa Sympa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
5
CVSSv2
CVE-2015-1306
The newsletter posting area in the web interface in Sympa 6.0.x prior to 6.0.10 and 6.1.x prior to 6.1.24 allows remote malicious users to read arbitrary files via unspecified vectors.
Sympa Sympa 6.0.6
Sympa Sympa 6.1.21
Sympa Sympa 6.1.22
Sympa Sympa 6.0.4
Sympa Sympa 6.0.0
Sympa Sympa 6.1.10
Sympa Sympa 6.1.23
Sympa Sympa 6.1.17
Sympa Sympa 6.0.7
Sympa Sympa 6.1.0
Sympa Sympa 6.1.11
Sympa Sympa 6.0.5
Sympa Sympa 6.1.20
Sympa Sympa 6.1.12
Sympa Sympa 6.1.16
Sympa Sympa 6.1.13
Sympa Sympa 6.1.5
Sympa Sympa 6.1.1
Sympa Sympa 6.1.6
Sympa Sympa 6.1.8
Sympa Sympa 6.1.2
Sympa Sympa 6.1.18
5
CVSSv2
CVE-2008-1648
Sympa prior to 5.4 allows remote malicious users to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
Sympa Sympa 3.2.2a
Sympa Sympa 3.3b.4
Sympa Sympa 3.3.3
Sympa Sympa 2.7b.2
Sympa Sympa 1.2.0
Sympa Sympa 2.2b
Sympa Sympa 2.2.3b
Sympa Sympa 2.2.5
Sympa Sympa 0.005
Sympa Sympa 0.007
Sympa Sympa 2.2.2b
Sympa Sympa 5.3
Sympa Sympa 2.3.2
Sympa Sympa 3.1
Sympa Sympa 3.0a
Sympa Sympa 5.0b
Sympa Sympa 4.2b.3
Sympa Sympa 1.4.0
Sympa Sympa 5.0a
Sympa Sympa 2.5.1
Sympa Sympa 5.3a.10
Sympa Sympa 4.0.b3
4.6
CVSSv2
CVE-2005-0073
Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.
Debian Sympa 3.3.3
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
logic flaw
CVE-2024-23692
CVE-2024-26229
CVE-2024-35255
CVE-2024-5835
CVE-2024-5837
XML external entity
dos
CVE-2024-5813
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »