Published: 22/01/2015 Updated: 19/11/2015

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The newsletter posting area in the web interface in Sympa 6.0.x prior to 6.0.10 and 6.1.x prior to 6.1.24 allows remote malicious users to read arbitrary files via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sympa sympa 6.0.3
sympa sympa 6.0.5
sympa sympa 6.1.7
sympa sympa 6.1.5
sympa sympa 6.1.0
sympa sympa 6.1.11
sympa sympa 6.1.13
sympa sympa 6.1.18
sympa sympa 6.1.20
sympa sympa 6.0.4
sympa sympa 6.0.6
sympa sympa 6.1.8
sympa sympa 6.1.6
sympa sympa 6.1.10
sympa sympa 6.1.12
sympa sympa 6.1.19
sympa sympa 6.1.21
sympa sympa 6.0.0
sympa sympa 6.0.1
sympa sympa 6.0.2
sympa sympa 6.1.4
sympa sympa 6.1.3
sympa sympa 6.1.2
sympa sympa 6.1.1
sympa sympa 6.1.22
sympa sympa 6.1.23
sympa sympa 6.0.7
sympa sympa 6.0.8
sympa sympa 6.0.9
sympa sympa 6.1.9
sympa sympa 6.1.14
sympa sympa 6.1.15
sympa sympa 6.1.16
sympa sympa 6.1.17

A vulnerability has been discovered in the web interface of sympa, a mailing list manager An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user For the stable distribution (wheezy), this problem has been ...

CWE-200 http://secunia.com/advisories/62442 http://secunia.com/advisories/62387 http://www.debian.org/security/2015/dsa-3134 https://www.sympa.org/security_advisories http://www.openwall.com/lists/oss-security/2015/01/20/4 http://www.securityfocus.com/bid/72277 http://advisories.mageia.org/MGASA-2015-0085.html http://www.mandriva.com/security/advisories?name=MDVSA-2015:051 https://nvd.nist.gov https://www.debian.org/security/./dsa-3134

CVE-2015-1306

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect