Rapid7 Vulnerability & Exploit Database

Lyris ListManager Multiple Vulnerabilities

Back to Search

Lyris ListManager Multiple Vulnerabilities

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
12/08/2005
Created
07/25/2018
Added
03/21/2008
Modified
02/13/2015

Description

Some versions of Lyris ListManager are affected by multiple vulnerabilities:

  • Administrative command injection via the "pw" parameter when subscribing a new user to a mailing list (CVE-2005-4142).
  • SQL injection in the URL to read attachments (CVE-2005-4143).
  • SQL injection in the "ORDER BY" column name in most pages (CVE-2005-4144).
  • Weak MSDE 'sa' account password (CVE-2005-4145).
  • Information disclosure by requesting the /status URL of TCLHTTPd (CVE-2005-4146).
  • TML file source code disclosure by appending %00 to the URL (CVE-2005-4147).
  • Error message information disclosure when requesting a non-existent page (CVE-2005-4148).
  • Error message information disclosure when an error occurs in a TML script (CVE-2005-4149).

It is known that some of these vulnerabilities affect ListManager 5.0 through 8.9b (included). Although some of them were fixed before 8.9b, 8.9c is likely the first version to fix them all. Lyris was reluctant to respond to these security issues and to provide fix information.

Solution(s)

  • listmanager-upgrade-8-9-c

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;