Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sympa sympa vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2018-1000550
The Sympa Community Sympa version prior to version 6.2.32 contains a Directory Traversal vulnerability in wwsympa.fcgi template editing function that can result in Possibility to create or modify files on the server filesystem. This attack appear to be exploitable via HTTP GET/PO...
Sympa Sympa
Debian Debian Linux 8.0
668
VMScore
CVE-2012-2352
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa prior to 6.1.11 does not check permissions, which allows remote malicious users to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3)...
Sympa Sympa 6.1.6
Sympa Sympa 6.1.5
Sympa Sympa 6.0.4
Sympa Sympa 6.1b.4
Sympa Sympa 6.0
Sympa Sympa 6.0b.4
Sympa Sympa 5.4
Sympa Sympa 5.4b.1
Sympa Sympa 5.3b.1
Sympa Sympa 5.3a.10
Sympa Sympa 5.1
Sympa Sympa 5.0
Sympa Sympa 4.1
Sympa Sympa 4.0.b3
Sympa Sympa 4.0.b2
Sympa Sympa 4.0.a4
Sympa Sympa 4.0.a3
Sympa Sympa 3.3.6b.2
Sympa Sympa 3.3.6b.1
Sympa Sympa 3.3.4b.3
Sympa Sympa 3.3.3
Sympa Sympa 3.2
641
VMScore
CVE-2020-26880
Sympa up to and including 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Sympa Sympa 6.2.57
Sympa Sympa
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Debian Debian Linux 9.0
641
VMScore
CVE-2020-10936
Sympa prior to 6.2.56 allows privilege escalation.
Sympa Sympa
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Canonical Ubuntu Linux 14.04
614
VMScore
CVE-2008-4476
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.
Sympa Sympa 5.3.4
516
VMScore
CVE-2018-1000671
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack a...
Sympa Sympa
Debian Debian Linux 8.0
445
VMScore
CVE-2020-9369
Sympa 6.2.38 up to and including 6.2.52 allows remote malicious users to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.
Sympa Sympa
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Debian Debian Linux 10.0
445
VMScore
CVE-2015-1306
The newsletter posting area in the web interface in Sympa 6.0.x prior to 6.0.10 and 6.1.x prior to 6.1.24 allows remote malicious users to read arbitrary files via unspecified vectors.
Sympa Sympa 6.0.3
Sympa Sympa 6.0.5
Sympa Sympa 6.1.7
Sympa Sympa 6.1.5
Sympa Sympa 6.1.0
Sympa Sympa 6.1.11
Sympa Sympa 6.1.13
Sympa Sympa 6.1.18
Sympa Sympa 6.1.20
Sympa Sympa 6.0.4
Sympa Sympa 6.0.6
Sympa Sympa 6.1.8
Sympa Sympa 6.1.6
Sympa Sympa 6.1.10
Sympa Sympa 6.1.12
Sympa Sympa 6.1.19
Sympa Sympa 6.1.21
Sympa Sympa 6.0.0
Sympa Sympa 6.0.1
Sympa Sympa 6.0.2
Sympa Sympa 6.1.4
Sympa Sympa 6.1.3
445
VMScore
CVE-2008-1648
Sympa prior to 5.4 allows remote malicious users to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
Sympa Sympa 0.007
Sympa Sympa 0.008
Sympa Sympa 1.3.1
Sympa Sympa 1.3.1-2
Sympa Sympa 1.4.2-1
Sympa Sympa 1.5
Sympa Sympa 2.2.7
Sympa Sympa 2.2b
Sympa Sympa 2.3.0
Sympa Sympa 2.5
Sympa Sympa 2.5.1
Sympa Sympa 2.7.1
Sympa Sympa 2.7.2
Sympa Sympa 3.0a.1
Sympa Sympa 3.0b.4
Sympa Sympa 3.1b.13
Sympa Sympa 3.1b.7
Sympa Sympa 3.3.1
Sympa Sympa 3.3.3
Sympa Sympa 3.3.5
Sympa Sympa 3.3.6b.2
Sympa Sympa 3.3b.4
435
VMScore
CVE-2004-1735
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and previous versions allows remote authenticated users to inject arbitrary web script or HTML via the description field.
Sympa Sympa 4.1
Sympa Sympa 4.1.1
Sympa Sympa 4.1.2
Sympa Sympa 4.0
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »