LISTSERV version 17 suffers from a cross-site scripting vulnerability.
a9a8b415b7acc7283581ad2d0efab8879f10d354798b0bb5cf0f33f5654b7d78
LISTSERV version 17 suffers from an insecure direct object reference vulnerability that allows illicit access to a target's profile.
fda705ac830fcca4fc1f376d75aa1e3955eb5160b19d9ca52f8cbef57dfa5255
Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. HAWSEC identified that the services userRoleListService and ServiceAction exposed through the /pentaho/webservices/userRoleListService and /pentaho/ServiceAction?action=SecurityDetails endpoints are not enforcing sufficient access controls. Specifically, an authenticated user can list all application usernames present in the Jackrabbit Repository.
df24858a662120cb07ae1d884fbbf73c40dde32c2c707e40ade959b4c867fc35
An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in Struts, CVE-2010-1870, that allows for code execution via OGNL injection. This vulnerability has been confirmed to be exploitable in both the Windows and Linux versions of the software and has existed in the LISTSERV Maestro software since at least version 8.1-5. As a result, a specially crafted HTTP request can be constructed that executes code in the context of the web application. Exploitation of this vulnerability does not require authentication and can lead to root-level privileges on any system running the LISTSERV Maestro services.
47ea69c299460db10d186131b9f1c65c7396d9a132d29b4816b4093286ef4a74
LSoft ListServ versions prior to 16.5-2018a suffer from a cross-site scripting vulnerability.
b64795ee09045d6cf6851bf5e65d77a5abad45e20a9dfb110a05e64a44db6f7e
Secunia Security Advisory - Foreground Security has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.
b1ac53bd934e18c7a2ef4c44ae6b3a2d9bc6ad0909ad23d219b9284764c7fa80
Lsoft ListServ version 16 suffers from a cross-site scripting vulnerability. The issue is fixed in WA revision r4276.
ffe1f02e0f063983d7edcebebc145edd536e5798c84727d1e438b00cb820d5c1
Secunia Security Advisory - Ram Sripracha has discovered a vulnerability in LISTSERV, which can be exploited by malicious people to conduct cross-site scripting attacks.
d732dc238f46dc4b89b3cf398e9f33ee15fd1859db595f43faecff2267f763c2
Secunia Security Advisory - Peter Winter-Smith of NGSSoftware has reported some vulnerabilities in LISTSERV, which can be exploited by malicious people to compromise a vulnerable system.
4ab682af3d3e3ae0d9fa1621c81d1ebec3a751522ada9dd91efa4ba5b4a23cc3
Peter Winter-Smith of NGSSoftware has discovered a number of vulnerabilities in L-Soft's LISTSERV list management system. The worst of these carries a critical risk rating.
8fa935e14ccd0ecf29d1f5d3d0a445c092c5f2850e266c78c1b8e99b698370f7
Secunia Security Advisory - Peter Winter-Smith of NGSSoftware has reported multiple vulnerabilities in LISTSERV, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.
45b53046fc84f37f22a045e178595b61cac882aed815dc9e38fb93433c0072fa
"The Beginner's Guide to the Internet" is a full-color, computer-based tutorial about the Internet. It is complete, covering email, ftp, telnet, gopher, Archie, Veronica, WAIS, WWW, USENET newsgroups, BITNET listservs, IRC and more. It is the only computer-based tutorial that gives you step-by-step instructions on how to do almost anything on the Internet. Perfect for Internet novices!
2641c0757c4176a76fbdd1f7c7179929414078a9134a345246879eac23b69934
ISS Security Alert Summary August 1, 2000 - 37 new vulnerabilities were reported last month. This document has links to more information and full advisories on each. Includes: analogx-proxy-ftp-crash, analogx-proxy-pop3-crash, analogx-proxy-socks4-crash, roxen-null-char-url, wftpd-stat-info, bair-security-removal, roxen-admin-pw-readable, wftpd-stat-dos, wftpd-rest-dos, wftpd-mlst-dos, outlook-express-mail-browser-link, winamp-playlist-parser-bo, outlook-date-overflow, tomcat-error-path-reveal, tomcat-snoop-info, website-webfind-bo, alibaba-cgi-script-directory-listing, alibaba-get-dos, website-httpd32-bo, alibaba-script-file-overwrite, zeroport-weak-encryption, linux-usermode-dos, blackboard-courseinfo-dbase-modification, lsoft-listserv-querystring-bo, linux-nfsutils-remote-root, iis-absent-directory-dos, blackboard-courseinfo-plaintext, cvsweb-shell-access, webactive-long-get-dos, worldclient-dir-traverse, http-cgi-bigbrother-bbhostsvc, apache-source-asp-file-write, netware-port40193-dos, netscape-admin-server-password-disclosure, cisco-pix-firewall-tcp, mssql-manager-password, and minivend-viewpage-sample.
608bac3811e7784a7d30e0063ead0d9b6ab115e59950211ddd511b3ca2d93e8d
Network Associates COVERT Labs Security Advisory - The L-Soft LISTSERV web archive (wa, wa.exe) component contains an unchecked buffer allowing remote execution of arbitrary code with the privileges of the LISTSERV daemon. Vulnerable systems include L-Soft LISTSERV Web Archives 1.8d (confirmed) and 1.8c (inferred) for Windows 9x, Windows NT 3.5x, Windows NT 4.0, Windows 2000, UNIX (all vendors), and OpenVMS VAX.
a3eaef27c0c60ab4d4d042110fa7fbaa9e62953241047c765cb69fd3ca8bafd8
Linux Security Week July 24 - In this issue: Deploying Portsentry, How Buffer Overflow attacks work, Maximizing Apache Server Security, Secure Directory Services for E-Business, IPSec update, RedHat PAM updates available, NFS-utils rpc.statd remote vulnerability, Mandrake usermode vulnerability, LISTSERV web archive remote overflow, Stalker CommuniGate Pro read any file vulnerability, and SuSE Nkitb (ftp) vulnerability.
1c45fd9d5af9418bd4bddfa5bf221ac7287916786a10a0e4fb8921ca55a31796
ISS Security Alert Summary June 1, 2000 - 78 new vulnerabilities have been reported in this quarter. This document has links to more information and full advisories on each. Includes: linux-cdrecord-execute, xlock-bo-read-passwd, bsd-syscall-cpu-dos, win-browser-hostannouncement, nai-webshield-config-mod, nai-webshield-bo, mdbms-bo, mailsite-get-overflow, hp-jetadmin-malformed-url-dos, hp-jetadmin-directory-traversal, deerfield-mdaemon-dos, cayman-dsl-dos, carello-file-duplication, netscape-ssl-certificate, cobalt-cgiwrap-bypass, gnome-gdm-bo, linux-fdmount-bo, qualcomm-qpopper-euidl, cart32-price-change, gauntlet-cyberdaemon-bo, ip-fragment-reassembly-dos, domino-doc-modify, domino-web-apps-access, axent-netprowler-ipfrag-dos, lotus-domino-esmtp-bo, linux-masquerading-dos, netice-icecap-alert-execute, netice-icecap-default, beos-tcp-frag-dos, ie-frame-domain-verification, ie-malformed-component-attribute, kerberos-krb-rd-req-bo, kerberos-krb425-conv-principal-bo, kerberos-ksu-bo, kscd-shell-env-variable, cproxy-http-dos, emurl-account-access, eudora-long-attachment-filename, ie-active-movie-control, antisniff-dns-overflow, delphi-ics-dot-attack, netscape-invalid-ssl-sessions, sol-netpr-bo, ie-cookie-disclosure, iis-malformed-information-extension, iis-url-extension-data-dos, netscape-import-certificate-symlink, ssh-zedz-consultants, coldfusion-cfcache-dos, http-cgi-formmail-environment, libmytinfo-bo, netopia-snmp-comm-strings, gnapster-view-files, netstructure-root-compromise, netstructure-wizard-mode, allaire-clustercats-url-redirect, aolim-file-path, iis-shtml-reveal-path, http-cgi-dbman-db, http-cgi-dnews-bo, ultraboard-cgi-dos, aladdin-etoken-pin-reset, http-cgi-dmailweb-bo, interscan-viruswall-bo, quake3-auto-download, ultraboard-printabletopic-fileread, cart32-expdate, cisco-online-help, hp-shutdown-privileges, http-cgi-listserv-wa-bo, aaabase-execute-dot-files, aaabase-file-deletion, macos-appleshare-invalid-range, win-netbios-source-null, linux-knfsd-dos, 
macos-filemaker-anonymous-email, and macos-filemaker-email.
4db0d03fb6271c35418d4d58ecec415169ad7a59e0467e9f65044a7c79068f6e
Cerberus Information Security Advisory (CISADV000503) - The Cerberus Security Team has found a remotely exploitable buffer overrun in Lsoft's (www.lsoft.com) Listserv Web Archive component (wa/wa.exe v1.8d - this is the most recent version).
17136805bc3f264e963bf55df3a44d6c7550f0c96ca7a5a74efedb9e27ff8deb
Windows Security Update May 10 - In this issue: Aladdin eToken Allows Physical Access to Data, DMailWeb Buffer Overflow, DNewsWeb Buffer Overflow, Listserv Web Archives Buffer Overflow, News: New Virus Loves You, News: Microsoft Publishes Details of Kerberos Authorization Data, Software Prevents Receipt of Love Bug, Online Scanning Service Cleans Systems, Tip: Limit Buffer Size on IIS, and Writing Secure Code: Writing a Secure POP3 Server.
1a28e581ba2bcb95f16cb5e74bc2baa0c5068e20bbdc3e630f88a1426f13892b
Lyris Listserver contains a vulnerability that allows access at any of the three levels of admin that Lyris allows.
d0896b1b976b2a5a4f10060f9123c830222e2ea2996c86d5e7a1a48283958d73