CVE-2015-1306

Published: Jan 22, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.

Affected (34)

Products: Sympa: Sympa

1 product

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Sympa Sympa	Version 6.0.0
Sympa Sympa	Version 6.0.1
Sympa Sympa	Version 6.0.2
Sympa Sympa	Version 6.0.3
Sympa Sympa	Version 6.0.4
Sympa Sympa	Version 6.0.5
Sympa Sympa	Version 6.0.6
Sympa Sympa	Version 6.0.7
Sympa Sympa	Version 6.0.8
Sympa Sympa	Version 6.0.9
Sympa Sympa	Version 6.1.0
Sympa Sympa	Version 6.1.10
Sympa Sympa	Version 6.1.11
Sympa Sympa	Version 6.1.12
Sympa Sympa	Version 6.1.13
Sympa Sympa	Version 6.1.14
Sympa Sympa	Version 6.1.15
Sympa Sympa	Version 6.1.16
Sympa Sympa	Version 6.1.17
Sympa Sympa	Version 6.1.18
Sympa Sympa	Version 6.1.19
Sympa Sympa	Version 6.1.1
Sympa Sympa	Version 6.1.20
Sympa Sympa	Version 6.1.21
Sympa Sympa	Version 6.1.22
Sympa Sympa	Version 6.1.23
Sympa Sympa	Version 6.1.2
Sympa Sympa	Version 6.1.3
Sympa Sympa	Version 6.1.4
Sympa Sympa	Version 6.1.5
Sympa Sympa	Version 6.1.6
Sympa Sympa	Version 6.1.7
Sympa Sympa	Version 6.1.8
Sympa Sympa	Version 6.1.9

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (16)

http://advisories.mageia.org/MGASA-2015-0085.html

Source: security@debian.org

http://secunia.com/advisories/62387

Source: security@debian.org

http://secunia.com/advisories/62442

Source: security@debian.org

http://www.debian.org/security/2015/dsa-3134

Source: security@debian.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:051

Source: security@debian.org

http://www.openwall.com/lists/oss-security/2015/01/20/4

Source: security@debian.org

http://www.securityfocus.com/bid/72277

Source: security@debian.org

https://www.sympa.org/security_advisories

Source: security@debian.org

PatchVendor Advisory

http://advisories.mageia.org/MGASA-2015-0085.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62387

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62442

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2015/dsa-3134

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2015:051

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2015/01/20/4

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72277

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.sympa.org/security_advisories

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.