Some versions of Lyris ListManager are affected by multiple vulnerabilities:
- Administrative command injection via the "pw" parameter when subscribing a new
  user to a mailing list (CVE-2005-4142).
- SQL injection in the URL to read attachments (CVE-2005-4143).
- SQL injection in the "ORDER BY" column name in most pages (CVE-2005-4144).
- Weak MSDE 'sa' account password (CVE-2005-4145).
- Information disclosure by requesting the /status URL of TCLHTTPd.
- TML file source code disclosure by appending %00 to the URL (CVE-2005-4147).
- Error message information disclosure when requesting a non-existent page.
- Error message information disclosure when an error occurs in a TML script.

Some of these vulnerabilities are known to affect ListManager 5.0
through 8.9b (inclusive). Although some of them were fixed before 8.9b,
8.9c is likely the first version to fix them all. Lyris was
reluctant to respond to these security issues and to provide fix