Lucene search
HistoryOct 03, 2022 - 4:22 p.m.
CVE-2005-0157
cve-2005-0157
smartlist
confirm add-on
email addresses
security vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
58.4%
The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned.
Affected configurations
Node
smartlistsmartlistRange≤3.15
| CPE | Name | Operator | Version |
|---|---|---|---|
| smartlist:smartlist | smartlist | le | 3.15 |
References
Related
nvd
nvd
CVE-2005-0157
2005-05-03 04:00:00
openvas
openvas
Debian Security Advisory DSA 720-1 (smartlist)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-720-1)
2008-01-17 00:00:00
debian
debian
ubuntucve
ubuntucve
CVE-2005-0157
2005-05-03 00:00:00
nessus
nessus
Debian DSA-720-1 : smartlist - wrong input processing
2005-05-04 00:00:00
debiancve
debiancve
CVE-2005-0157
2022-10-03 16:22:52
cvelist
cvelist
CVE-2005-0157
2022-10-03 16:22:52
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.5 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
58.4%
Related for CVE-2005-0157