Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lyris technologies inc listmanager 7.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-4145
The MSDE version of Lyris ListManager 5.0 up to and including 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote malicious users to gain access via a ...
Lyris Technologies Inc Listmanager 5.0
Lyris Technologies Inc Listmanager 8.0
Lyris Technologies Inc Listmanager 8.8a
Lyris Technologies Inc Listmanager 6.0
Lyris Technologies Inc Listmanager 7.0
1 EDB exploit
NA
CVE-2005-4146
Lyris ListManager prior to 8.9b allows remote malicious users to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information.
Lyris Technologies Inc Listmanager 5.0
Lyris Technologies Inc Listmanager 8.0
Lyris Technologies Inc Listmanager 8.8a
Lyris Technologies Inc Listmanager 6.0
Lyris Technologies Inc Listmanager 7.0
NA
CVE-2005-4147
The TCLHTTPd service in Lyris ListManager prior to 8.9b allows remote malicious users to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require (2) an authentication bypass step that involves a username with a...
Lyris Technologies Inc Listmanager 5.0
Lyris Technologies Inc Listmanager 8.0
Lyris Technologies Inc Listmanager 8.8a
Lyris Technologies Inc Listmanager 6.0
Lyris Technologies Inc Listmanager 7.0
NA
CVE-2005-4149
Lyris ListManager 8.8 up to and including 8.9b allows remote malicious users to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
Lyris Technologies Inc Listmanager 5.0
Lyris Technologies Inc Listmanager 8.0
Lyris Technologies Inc Listmanager 8.8a
Lyris Technologies Inc Listmanager 6.0
Lyris Technologies Inc Listmanager 7.0
NA
CVE-2005-4148
Lyris ListManager 8.5, and possibly other versions prior to 8.8, includes sensitive information in the env hidden variable, which allows remote malicious users to obtain information such as the installation path by requesting a non-existent page and reading the env variable from ...
Lyris Technologies Inc Listmanager 5.0
Lyris Technologies Inc Listmanager 8.0
Lyris Technologies Inc Listmanager 8.8a
Lyris Technologies Inc Listmanager 6.0
Lyris Technologies Inc Listmanager 7.0
NA
CVE-2005-4142
The web interface for subscribing new users in Lyris ListManager 5.0 up to and including 8.8b, in combination with a line wrap feature, allows remote malicious users to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not...
Lyris Technologies Inc Listmanager 5.0
Lyris Technologies Inc Listmanager 8.0
Lyris Technologies Inc Listmanager 8.8a
Lyris Technologies Inc Listmanager 6.0
Lyris Technologies Inc Listmanager 7.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started