Rapid7 Vulnerability & Exploit Database

Lyris ListManager Multiple Security Bypass Vulnerabilities

Back to Search

Lyris ListManager Multiple Security Bypass Vulnerabilities

Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
01/21/2008
Created
07/25/2018
Added
03/21/2008
Modified
02/13/2015

Description

Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."

Solution(s)

  • listmanager-upgrade-8-95-d
  • listmanager-upgrade-9-2-c
  • listmanager-upgrade-9-3-b

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;