Lucene search
+L

PT-2020-16527 · Renaud Bastide Christophe Wolfhugel +1 · Sympa +1

🗓️ 07 Oct 2020 00:00:00Reported by Positive TechnologiesType 
ptsecurity
 ptsecurity
🔗 dbugs.ptsecurity.com👁 1 Views

Local root escalation in Sympa through 6.2.57b.2 by altering sympa.conf and parsing with setuid.

Related
Refs
ReporterTitlePublishedViews
Family
FreeBSD
sympa -- Unauthorised full access via SOAP API due to illegal cookie
24 Nov 202000:00
freebsd
FreeBSD
sympa -- Denial of service caused by malformed CSRF token
24 Feb 202000:00
freebsd
BDU FSTEC
The vulnerability of the Sympa mailing list manager, related to a bug in the resource consumption monitoring mechanism, allows a violator to trigger a service failure.
30 Mar 202100:00
bdu_fstec
BDU FSTEC
The vulnerability of the authenticateAndRun function in the Sympa mailing list manager, related to the lack of authentication mechanisms, allows attackers to access confidential data.
30 Mar 202100:00
bdu_fstec
BDU FSTEC
The vulnerability of Sympa mailing list managers, related to the lack of a mechanism for managing privileges, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.
30 Mar 202100:00
bdu_fstec
BDU FSTEC
The vulnerability of the debian/sympa.postinst component of the Sympa mailing list manager allows a perpetrator to compromise the integrity of data by improperly assigning permissions for critical resources.
30 Mar 202100:00
bdu_fstec
BDU FSTEC
The vulnerability of Sympa mailing list managers, related to the use of open redirection, allows attackers to compromise the confidentiality and integrity of the protected information.
27 Apr 202100:00
bdu_fstec
Huntr
Cross-site Scripting (XSS) - Reflected in keystonejs/keystone
30 Dec 202116:29
huntr
Circl
CVE-2020-10936
27 May 202022:55
circl
Circl
CVE-2020-26880
7 Oct 202022:29
circl
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Nov 2022 00:00Current
5.7Medium risk
Vulners AI Score5.7
CVSS 3.17.8
CVSS 27.2
CVSS 36.1
EPSS0.03982
1