Download
| Alert*
oval:org.secpod.oval:def:2000087
sympa version 6.2.16 and later contains a CWE-601: URL Redirection to Untrusted Site vulnerability in The "referer" parameter of the wwsympa.fcgi login action. that can result in Open redirection and reflected XSS via data URIs. This attack appear to be exploitable via Victim"s browser must follow ... oval:org.secpod.oval:def:118290 Sympa is scalable and highly customizable mailing list manager. It can cope with big lists and comes with a complete Web interface. It is internationalized, and supports the us, fr, de, es, it, fi, and chinese locales. A scripting language allows you to extend the behavior of commands. Sympa can b ... oval:org.secpod.oval:def:603505 Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list. ... oval:org.secpod.oval:def:53409 Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list. ... oval:org.secpod.oval:def:601921 A vulnerability has been discovered in the web interface of sympa, a mailing list manager. An attacker could take advantage of this flaw in the newsletter posting area, which allows sending to a list, or to oneself, any file located on the server filesystem and readable by the sympa user. oval:org.secpod.oval:def:117908 sympa is installed oval:org.secpod.oval:def:600810 Several vulnerabilities have been discovered in Sympa, a mailing list manager, that allow to skip the scenario-based authorization mechanisms. This vulnerability allows to display the archives management page, and download and delete the list archives by unauthorized users. oval:org.secpod.oval:def:601492 sympa is installed oval:org.secpod.oval:def:69838 Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API. Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default. A ... |