4 matches found
Debian Security Advisory DSA 720-1 (smartlist)
The remote host is missing an update to smartlist announced via advisory DSA 720-1. OpenVAS Vulnerability Test $Id: deb7201.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 720-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
Debian DSA-720-1 : smartlist - wrong input processing
Jeroen van Wolffelaar noticed that the confirm add-on of SmartList, the listmanager used on lists.debian.org, which is used on that host as well, could be tricked to subscribe arbitrary addresses to the lists. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DSA 720-1] New smartlist packages fix unauthorised un/subscription
-------------------------------------------------------------------------- Debian Security Advisory DSA 720-1 [email protected] http://www.debian.org/security/ Martin Schulze May 3rd, 2005 http://www.debian.org/security/faq -...
CVE-2005-0157
CVE-2005-0157 affects SmartList’s confirm add-on (3.15 and earlier). The issue allows an attacker to subscribe arbitrary e-mail addresses by exploiting a valid cookie that encodes a different address than the one tied to the cookie. Public advisories (Debian DSA-720-1) note this as a remote input...