Showing 1 - 18 of 18


LISTSERV 17 Cross Site Scripting
Posted Jan 17, 2023
Authored by Shaunt D

LISTSERV version 17 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2022-39195
SHA-256 | a9a8b415b7acc7283581ad2d0efab8879f10d354798b0bb5cf0f33f5654b7d78

Related Files

LISTSERV 17 Insecure Direct Object Reference
Posted Jan 17, 2023
Authored by Shaunt D

LISTSERV version 17 suffers from an insecure direct object reference vulnerability that allows illicit access to a target's profile.

tags | exploit
advisories | CVE-2022-40319
SHA-256 | fda705ac830fcca4fc1f376d75aa1e3955eb5160b19d9ca52f8cbef57dfa5255
Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration
Posted Nov 5, 2021
Authored by Altion Malka, Alberto Favero

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the /pentaho/webservices/userRoleListService and /pentaho/ServiceAction?action=SecurityDetails endpoints are not enforcing sufficient access controls. Specifically, an authenticated user can list all application usernames present in the Jackrabbit Repository.

tags | exploit, web, protocol
advisories | CVE-2021-31600
SHA-256 | df24858a662120cb07ae1d884fbbf73c40dde32c2c707e40ade959b4c867fc35
LISTSERV Maestro 9.0-8 Remote Code Execution
Posted Oct 20, 2020
Authored by b0yd | Site securifera.com

An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in Struts, CVE-2010-1870, that allows for code execution via OGNL injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux versions of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root level privilege on any system running the LISTSERV Maestro services.

tags | advisory, remote, web, root, code execution
systems | linux, windows
advisories | CVE-2010-1870
SHA-256 | 47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74
LSoft ListServ Cross Site Scripting
Posted Aug 25, 2019
Authored by MTK

LSoft ListServ versions prior to 16.5-2018a suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2019-15501
SHA-256 | b64795ee09045d6cf6851bf5e65d77a5abad45e20a9dfb110a05e64a44db6f7e
Secunia Security Advisory 50098
Posted Aug 21, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Foreground Security has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | b1ac53bd934e18c7a2ef4c44ae6b3a2d9bc6ad0909ad23d219b9284764c7fa80
Lsoft ListServ 16 Cross Site Scripting
Posted Aug 17, 2012
Authored by Jose Carlos de Arriba

Lsoft ListServ version 16 suffers from a cross site scripting vulnerability. The issue is fixed in WA revision r4276.

tags | exploit, xss
SHA-256 | ffe1f02e0f063983d7edcebebc145edd536e5798c84727d1e438b00cb820d5c1
Secunia Security Advisory 40529
Posted Jul 9, 2010
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ram Sripracha has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss
SHA-256 | d732dc238f46dc4b89b3cf398e9f33ee15fd1859db595f43faecff2267f763c2
Secunia Security Advisory 19106
Posted Mar 8, 2006
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Peter Winter-Smith of NGSSoftware has reported some vulnerabilities in LISTSERV, which can be exploited by malicious people to compromise a vulnerable system.

tags | advisory, vulnerability
SHA-256 | 4ab682af3d3e3ae0d9fa1621c81d1ebec3a751522ada9dd91efa4ba5b4a23cc3
Posted Mar 6, 2006
Authored by Peter Winter-Smith | Site ngssoftware.com

Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a critical risk rating.

tags | advisory, vulnerability
SHA-256 | 8fa935e14ccd0ecf29d1f5d3d0a445c092c5f2850e266c78c1b8e99b698370f7
Secunia Security Advisory 15498
Posted May 29, 2005
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Peter Winter-Smith of NGSSoftware has reported multiple vulnerabilities in LISTSERV, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

tags | advisory, denial of service, vulnerability
SHA-256 | 45b53046fc84f37f22a045e178595b61cac882aed815dc9e38fb93433c0072fa
Posted Aug 26, 2002

"The Beginner's Guide to the Internet" is a full-color, computer-based tutorial about the Internet. It is complete, covering email, ftp, telnet, gopher, Archie, Veronica, WAIS, WWW, USENET newsgroups, BITNET listservs, IRC and more. It is the only computer-based tutorial that gives you step-by-step instructions on how to do almost anything on the Internet. Perfect for Internet novices!

tags | bbs
SHA-256 | 2641c0757c4176a76fbdd1f7c7179929414078a9134a345246879eac23b69934
Posted Aug 3, 2000
Site xforce.iss.net

ISS Security Alert Summary August 1, 2000 - 37 new vulnerabilities were reported last month. This document has links to more information and full advisories on each. Includes: analogx-proxy-ftp-crash, analogx-proxy-pop3-crash, analogx-proxy-socks4-crash, roxen-null-char-url, wftpd-stat-info, bair-security-removal, roxen-admin-pw-readable, wftpd-stat-dos, wftpd-rest-dos, wftpd-mlst-dos, outlook-express-mail-browser-link, winamp-playlist-parser-bo, outlook-date-overflow, tomcat-error-path-reveal, tomcat-snoop-info, website-webfind-bo, alibaba-cgi-script-directory-listing, alibaba-get-dos, website-httpd32-bo, alibaba-script-file-overwrite, zeroport-weak-encryption, linux-usermode-dos, blackboard-courseinfo-dbase-modification, lsoft-listserv-querystring-bo, linux-nfsutils-remote-root, iis-absent-directory-dos, blackboard-courseinfo-plaintext, cvsweb-shell-access, webactive-long-get-dos, worldclient-dir-traverse, http-cgi-bigbrother-bbhostsvc, apache-source-asp-file-write, netware-port40193-dos, netscape-admin-server-password-disclosure, cisco-pix-firewall-tcp, mssql-manager-password, and minivend-viewpage-sample.

tags | remote, web, overflow, shell, cgi, root, tcp, vulnerability, asp
systems | cisco, linux
SHA-256 | 608bac3811e7784a7d30e0063ead0d9b6ab115e59950211ddd511b3ca2d93e8d
Posted Jul 26, 2000
Authored by Covert Labs | Site nai.com

Network Associates COVERT Labs Security Advisory - The L-Soft LISTSERV web archive (wa, wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon. Vulnerable systems include L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.

tags | remote, web, arbitrary
systems | windows, unix, vax
SHA-256 | a3eaef27c0c60ab4d4d042110fa7fbaa9e62953241047c765cb69fd3ca8bafd8
Posted Jul 25, 2000
Authored by Benjamin Thomas | Site linuxsecurity.com

Linux Security Week July 24 - In this issue: Deploying Portsentry, How Buffer Overflow attacks work, Maximizing Apache Server Security, Secure Directory Services for E-Business, IPSec update, RedHat PAM updates available, NFS-utils rpc.statd remote vulnerability, Mandrake usermode vulnerability, LISTSERV web archive remote overflow, Stalker CommuniGate Pro read any file vulnerability, and SuSE Nkitb (ftp) vulnerability.

tags | remote, web, overflow
systems | linux, redhat, suse, mandrake
SHA-256 | 1c45fd9d5af9418bd4bddfa5bf221ac7287916786a10a0e4fb8921ca55a31796
Posted Jun 1, 2000

ISS Security Alert Summary June 1, 2000 - 78 new vulnerabilities have been reported in this quarter. This document has links to more information and full advisories on each. Includes: linux-cdrecord-execute, xlock-bo-read-passwd, bsd-syscall-cpu-dos, win-browser-hostannouncement, nai-webshield-config-mod, nai-webshield-bo, mdbms-bo, mailsite-get-overflow, hp-jetadmin-malformed-url-dos, hp-jetadmin-directory-traversal, deerfield-mdaemon-dos, cayman-dsl-dos, carello-file-duplication, netscape-ssl-certificate, cobalt-cgiwrap-bypass, gnome-gdm-bo, linux-fdmount-bo, qualcomm-qpopper-euidl, cart32-price-change, gauntlet-cyberdaemon-bo, ip-fragment-reassembly-dos, domino-doc-modify, domino-web-apps-access, axent-netprowler-ipfrag-dos, lotus-domino-esmtp-bo, linux-masquerading-dos, netice-icecap-alert-execute, netice-icecap-default, beos-tcp-frag-dos, ie-frame-domain-verification, ie-malformed-component-attribute, kerberos-krb-rd-req-bo, kerberos-krb425-conv-principal-bo, kerberos-ksu-bo, kscd-shell-env-variable, cproxy-http-dos, emurl-account-access, eudora-long-attachment-filename, ie-active-movie-control, antisniff-dns-overflow, delphi-ics-dot-attack, netscape-invalid-ssl-sessions, sol-netpr-bo, ie-cookie-disclosure, iis-malformed-information-extension, iis-url-extension-data-dos, netscape-import-certificate-symlink, ssh-zedz-consultants, coldfusion-cfcache-dos, http-cgi-formmail-environment, libmytinfo-bo, netopia-snmp-comm-strings, gnapster-view-files, netstructure-root-compromise, netstructure-wizard-mode, allaire-clustercats-url-redirect, aolim-file-path, iis-shtml-reveal-path, http-cgi-dbman-db, http-cgi-dnews-bo, ultraboard-cgi-dos, aladdin-etoken-pin-reset, http-cgi-dmailweb-bo, interscan-viruswall-bo, quake3-auto-download, ultraboard-printabletopic-fileread, cart32-expdate, cisco-online-help, hp-shutdown-privileges, http-cgi-listserv-wa-bo, aaabase-execute-dot-files, aaabase-file-deletion, macos-appleshare-invalid-range, win-netbios-source-null, linux-knfsd-dos, macos-filemaker-anonymous-email, and macos-filemaker-email. ISS X-Force homepage here.

tags | web, overflow, shell, cgi, root, tcp, vulnerability
systems | cisco, linux, bsd, beos
SHA-256 | 4db0d03fb6271c35418d4d58ecec415169ad7a59e0467e9f65044a7c79068f6e
Posted May 17, 2000
Authored by David Litchfield | Site cerberus-infosec.co.uk

Cerberus Information Security Advisory (CISADV000503) - The Cerberus Security Team has found a remotely exploitable buffer overrun in Lsoft's (www.lsoft.com) Listserv Web Archive component (wa/wa.exe v1.8d - this is the most recent version).

tags | exploit, web, overflow
SHA-256 | 17136805bc3f264e963bf55df3a44d6c7550f0c96ca7a5a74efedb9e27ff8deb
Posted May 11, 2000
Authored by winsd | Site win2000mag.com

Windows Security Update May 10 - In this issue: Aladdin eToken Allows Physical Access to Data, DMailWeb Buffer Overflow, DNewsWeb Buffer Overflow, Listserv Web Archives Buffer Overflow, News: New Virus Loves You, News: Microsoft Publishes Details of Kerberos Authorization Data, Software Prevents Receipt of Love Bug, Online Scanning Service Cleans Systems, Tip: Limit Buffer Size on IIS, and Writing Secure Code: Writing a Secure POP3 Server.

tags | web, overflow, virus, magazine
systems | windows
SHA-256 | 1a28e581ba2bcb95f16cb5e74bc2baa0c5068e20bbdc3e630f88a1426f13892b
Posted Aug 17, 1999

Lyris Listserver contains a vulnerability that allows access at any of the three levels of admin that Lyris allows.

tags | exploit
SHA-256 | d0896b1b976b2a5a4f10060f9123c830222e2ea2996c86d5e7a1a48283958d73
© 2022 Packet Storm. All rights reserved.