VID |
22388 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
WWW |
Detailed Description |
According to its banner, the ListManager software is a version prior to 8.9b and is therefore affected by multiple vulnerabilities. Lyris ListManager is a web-based commercial mailing list management software utility written in Perl. A remote, unauthenticated attacker could exploit these flaws to conduct SQL injection attacks, view the source of any 'tml' script available to the application, bypass authentication, or obtain information about the server configuration.
* Note: This check relies solely on the banner of the remote HTTP server to assess this vulnerability, so the result might be a false positive.
* References: http://metasploit.com/research/vulns/lyris_listmanager/ http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html http://secunia.com/advisories/17943/
* Platforms Affected: Lyris Technologies, Inc.: Lyris ListManager versions prior to 8.9b; any operating system, any version |
Recommendation |
Upgrade to the latest version of ListManager (8.9b or later), available from the Lyris ListManager Download Web site at http://lyris.com/us-en/products/listmanager |
Related URL |
CVE-2005-4143,CVE-2005-4144,CVE-2005-4146,CVE-2005-4147,CVE-2005-4148 (CVE) |
Related URL |
15787,15788 (SecurityFocus) |
Related URL |
(ISS) |
|