[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-4285-1 sympa -- sympa

ID: oval:org.secpod.oval:def:603505Date: (C)2018-09-10   (M)2021-06-06
Class: PATCHFamily: unix




Michael Kaczmarczik discovered a vulnerability in the web interface template editing function of Sympa, a mailing list manager. Owner and listmasters could use this flaw to create or modify arbitrary files in the server with privileges of sympa user or owner view list config files even if edit_list.conf prohibits it.

Platform:
Debian 9.x
Product:
sympa
Reference:
DSA-4285-1
CVE-2018-1000550
CVE    1
CVE-2018-1000550
CPE    180
cpe:/a:sympa:sympa:6.0b.2
cpe:/a:sympa:sympa:6.0b.3
cpe:/a:sympa:sympa:6.0b.4
cpe:/a:sympa:sympa:1.3.4
...

© SecPod Technologies