Vendor
Sympa
Products
1
CVEs
5
Across products
327
Status
Private
Products
1- 327 CVEs
Recent CVEs
5| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2004-1735 | 0.03 | — | 0.04 | Aug 21, 2004 | Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. | ||
| CVE-2015-1306 | 0.00 | — | 0.01 | Jan 22, 2015 | The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | ||
| CVE-2012-2352 | 0.00 | — | 0.01 | May 31, 2012 | The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions. | ||
| CVE-2008-4476 | 0.00 | — | 0.00 | Oct 7, 2008 | sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability. | ||
| CVE-2008-1648 | 0.00 | — | 0.02 | Apr 2, 2008 | Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. |