ListManager < 8.9b Multiple Vulnerabilities

high Nessus Plugin ID 20294

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The remote host appears to be running ListManager, a web-based commercial mailing list management application from Lyris.

The version of ListManager installed on the remote host is affected by a number of input validation flaws. An unauthenticated attacker may be able to exploit these issues to launch SQL injection attacks against the backend database, view the source of any 'tml' script available to the application, bypass authentication, or obtain information about the server configuration.

Solution

Upgrade to ListManager 8.9b or later.

See Also

http://www.nessus.org/u?e252a917

https://seclists.org/fulldisclosure/2005/Dec/374

Plugin Details

Severity: High

ID: 20294

File Name: listmanager_89b.nasl

Version: 1.18

Type: remote

Family: CGI abuses

Published: 12/12/2005

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 12/8/2005

Reference Information

CVE: CVE-2005-4143, CVE-2005-4144, CVE-2005-4146, CVE-2005-4147, CVE-2005-4148

BID: 15787, 15788