NASLDB: Lyris ListManager Subscription Form Administrative Command Injection
General
ID: 20806
Name: Lyris ListManager Subscription Form Administrative Command Injection
Summary: Checks for administrative command injection vulnerability in ListManager
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: CVSS2#E:H/RL:U/RC:ND
Port: 80
Family: CGI abuses
Type: Remote
Description
The remote host appears to be running ListManager, a web-based
commercial mailing list management application from Lyris.
According to its banner, the version of ListManager installed on the
remote host does not sufficiently sanitize input to the ‘pw’ parameter
when processing new subscription requests via the web. Using a
specially crafted request, an unauthenticated attacker may be able to
leverage this flaw to inject administrative commands into the affected
application.
Exploiting
Exploit Available: True
Exploitability Ease: No exploit is required
Sources
CVE: CVE-2005-4142
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2005/12/09
Patch Release: –
Plugin Release: 2006/01/25
Plugin
Version: 1.13
Filename: listmanager_895.nasl
Filesize: 2778 bytes
MD5 Hash: b758609ee78fed9e30db90416cf737d4
Identification: –
Require Keys: –
Dependencies: "http_version.nasl"
Copyright: This script is Copyright© 2006-2011 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack