{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-01-15T00:00:00", "descriptions": [{"lang": "en", "value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-03-19T15:57:00", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian"}, "references": [{"name": "MDVSA-2015:051", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"}, {"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.sympa.org/security_advisories"}, {"name": "62387", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62387"}, {"name": "72277", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72277"}, {"name": "62442", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62442"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2015-0085.html"}, {"name": "DSA-3134", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3134"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@debian.org", "ID": "CVE-2015-1306", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "MDVSA-2015:051", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"}, {"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"}, {"name": "https://www.sympa.org/security_advisories", "refsource": "CONFIRM", "url": "https://www.sympa.org/security_advisories"}, {"name": "62387", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62387"}, {"name": "72277", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72277"}, {"name": "62442", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62442"}, {"name": "http://advisories.mageia.org/MGASA-2015-0085.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0085.html"}, {"name": "DSA-3134", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3134"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:18.640Z"}, "title": "CVE Program Container", "references": [{"name": "MDVSA-2015:051", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"}, {"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.sympa.org/security_advisories"}, {"name": "62387", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62387"}, {"name": "72277", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72277"}, {"name": "62442", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62442"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2015-0085.html"}, {"name": "DSA-3134", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3134"}]}]}, "cveMetadata": {"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-1306", "datePublished": "2015-01-22T15:00:00", "dateReserved": "2015-01-22T00:00:00", "dateUpdated": "2024-08-06T04:40:18.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sympa:sympa:6.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB4BF564-2AE0-4DCE-B331-873E8480C965", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "D2BB62E4-8207-4344-87CE-FB916E7ECA90", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "304DCEDD-661D-400A-94AB-B0DB20843327", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "05707525-5CD4-49DA-B137-D6F3F793BB40", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "FB1AF942-E11C-4FF2-863E-E1C47D76D485", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "01016580-A947-4DE4-9033-4697CE9AF12A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "B5F00F31-CA66-43E8-8FE8-3DE0AC483C6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "551375FB-45DB-4CC1-BDFC-E95F2795B6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "73C4A58F-D1D0-4F90-9A67-DB72B10347F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "7F5FF29A-5032-4AB4-B5BF-750B384A3253", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9A7F6F1-04A0-43CA-98F8-48F5511DFA89", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "CE3806CA-EFF4-4DC1-827D-D720155231FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "2D74B084-02D3-4410-85BA-9C624A29BFC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "81F89FD3-5FF5-498A-8909-E31D62AB42B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "CB7F80BB-388F-41A7-BCD2-46EA20DC2E6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "F5CB2B7F-325F-489D-98DF-89D2173EF676", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "4C251761-00A7-4C37-A9DC-E34F4BC40208", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.7:*:*:*:*:*:*:*", "matchCriteriaId": "76A7EE36-064D-4498-AC81-349CE832C03A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.8:*:*:*:*:*:*:*", "matchCriteriaId": "0560EDE9-268B-45F0-A3F0-88781EA52A7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "38AD95A8-6074-43ED-806F-E1512A4ED2D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.10:*:*:*:*:*:*:*", "matchCriteriaId": "DED874B0-E182-455C-BED7-E15751DA4148", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.11:*:*:*:*:*:*:*", "matchCriteriaId": "5C89CA1F-4352-45C2-B8AE-7C18EB5A4145", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.12:*:*:*:*:*:*:*", "matchCriteriaId": "8C52EAD2-7F18-4431-AF5B-05BE52D5E2DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.13:*:*:*:*:*:*:*", "matchCriteriaId": "5BB42670-39BD-4AEC-BF49-EBD4AD75404A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.14:*:*:*:*:*:*:*", "matchCriteriaId": "FAAFD5F8-2656-4944-A359-8163CBD58181", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.15:*:*:*:*:*:*:*", "matchCriteriaId": "4E139BC3-D07E-42A2-B2D8-39143F3DFACC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.16:*:*:*:*:*:*:*", "matchCriteriaId": "8BCBDA07-5C4E-4584-A2FB-D681CBD4F52F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.17:*:*:*:*:*:*:*", "matchCriteriaId": "CA67608D-8D20-4A72-83F8-A28032C3C840", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.18:*:*:*:*:*:*:*", "matchCriteriaId": "A1EA5703-FF75-497D-8F88-8BD98A48FF81", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.19:*:*:*:*:*:*:*", "matchCriteriaId": "9F2C2D97-7439-4A3D-B9AE-C6990D78FAB0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.20:*:*:*:*:*:*:*", "matchCriteriaId": "20F272D3-3486-41B5-BB33-92C5ABE9B3B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "E7A420CA-4F90-4CCF-BF0A-6AC14041E659", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.22:*:*:*:*:*:*:*", "matchCriteriaId": "6DF29DFE-7741-4BEA-8BA4-CE07D435E2FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sympa:sympa:6.1.23:*:*:*:*:*:*:*", "matchCriteriaId": "7D034E88-50F5-469F-BEF2-AC25C43FDDB9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."}, {"lang": "es", "value": "La \u00e1rea de anuncios (newsletter) en la interfaz web en Sympa 6.0.x anterior a 6.0.10 y 6.1.x anterior a 6.1.24 permite a atacantes remotos leer ficheros arbitrarios a trav\u00e9s de vectores no especifcados."}], "id": "CVE-2015-1306", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-01-22T15:59:00.140", "references": [{"source": "security@debian.org", "url": "http://advisories.mageia.org/MGASA-2015-0085.html"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/62387"}, {"source": "security@debian.org", "url": "http://secunia.com/advisories/62442"}, {"source": "security@debian.org", "url": "http://www.debian.org/security/2015/dsa-3134"}, {"source": "security@debian.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"}, {"source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"}, {"source": "security@debian.org", "url": "http://www.securityfocus.com/bid/72277"}, {"source": "security@debian.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.sympa.org/security_advisories"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2015-0085.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62387"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62442"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2015/dsa-3134"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72277"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.sympa.org/security_advisories"}], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}