330 matches found
Debian DLA-2499-1 : sympa security update
Sympa, a modern mailing list manager, grants full SOAP API access by sending invalid string as the cookie value, if the SOAP endpoint was enabled. An attacker could manipulate the mailing lists, including subscribing e-mails or getting the list of subscribers. For Debian 9 stretch, this problem h...
Debian: Security Advisory (DLA-2499-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2499-1] sympa security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2499-1 [email protected] https://www.debian.org/lts/security/ December 17, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------...
DLA-2499-1 sympa - security update
Bulletin has no description...
Sympa < 6.2.60 SOAP API Vulnerability
Sympa is prone to an authentication bypass vulnerability in the SOAP API. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is fr...
Authorization Bypass
sympa is vulnerable to authorization bypass. The vulnerability exists as remote attackers can obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
DEBIAN-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
UBUNTU-CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
Code injection
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
CVE-2020-29668 affects Sympa prior to 6.2.59b.2. The issue allows remote attackers to obtain full SOAP API access by sending an arbitrary string (except one from an expired cookie) as the cookie value to the authenticateAndRun endpoint. The public description in the initial document confirms the ...
CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
CVE-2020-29668
Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitrary string except one from an expired cookie as the cookie value to authenticateAndRun...
Sympa Authorization Issues Vulnerability
Sympa is an open source email management list software from the Sympa community. The software supports email management, authentication and access control. An authorization issue vulnerability exists in Sympa version 6.2.59b and earlier, which can be exploited by an attacker to gain full SOAP API...
Insecure Permissions
sympa does not securely configure file permissions. debian/sympa.postinst uses mode 4755 for sympanewaliases-wrapper while the intended permissions are mode 4750 for access by the sympa group...
Open Redirection
sympa is vulnerable to open redirect. An attacker is able to supply a crafted URL to a victim's browser...
sympa -- Unauthorised full access via SOAP API due to illegal cookie
Sympa community reports: Unauthorised full access via SOAP API due to illegal cookie...
Sympa <= 6.2.59 Privilege Escalation Vulnerability
Sympa is prone to a privilege escalation vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you c...