|
|
Family: CGI abuses --> Category: infos
ListManager < 8.9b Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in ListManager < 8.9b
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server is vulnerable to multiple flaws.
Description :
The remote host appears to be running ListManager, a web-based
commercial mailing list management application from Lyris.
The version of ListManager installed on the remote host is affected by
a number of input validation flaws. An unauthenticated attacker may
be able to exploit these issues to launch SQL injection attacks
against the backend database, view the source of any 'tml' script
available to the application, bypass authentication, or obtain
information about the server configuration.
See also :
http://metasploit.com/research/vulns/lyris_listmanager/
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
Solution :
Upgrade to ListManager 8.9b or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
