|Improper Input Validation|
|Permissions, Privileges, and Access Controls|
|Vulnerability||Severity Score||Release Date||Summary|
|CVE-2008-1648||5.0||April 2, 2008||
Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
|CVE-2012-2352||7.5||May 31, 2012||
The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives via vectors related to the (1) do_arc_manage, (2) do_arc_download, or (3) do_arc_delete functions.