
CVSS: 5.0 EPSS: 3% CPEs: 129 EXPL: 1

Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information. • http://secunia.com/advisories/29575 http://secunia.com/advisories/30910 http://sourcesup.cru.fr/tracker/?func=detail&group_id=23&aid=3702&atid=167 http://www.debian.org/security/2008/dsa-1600 http://www.mandriva.com/security/advisories?name=MDVSA-2008:133 http://www.securityfocus.com/bid/28539 http://www.sympa.org/distribution/latest-stable/NEWS http://www.vupen.com/english/advisories/2008/1080/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41561 • CWE-20: Improper Input Validation •

CVSS: 4.6 EPSS: 0% CPEs: 1 EXPL: 0

Buffer overflow in queue.c in a support script for Sympa 3.3.3, when running setuid, allows local users to execute arbitrary code. • http://secunia.com/advisories/14217 http://secunia.com/advisories/14224 http://securitytracker.com/id?1013163 http://www.debian.org/security/2005/dsa-677 •

CVSS: 4.3 EPSS: 0% CPEs: 4 EXPL: 2

Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. • https://www.exploit-db.com/exploits/24389 http://marc.info/?l=bugtraq&m=109312475207604&w=2 http://secunia.com/advisories/12339 http://www.securityfocus.com/bid/10992 https://exchange.xforce.ibmcloud.com/vulnerabilities/17057 •