2 matches found
CVE-2005-4142
The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR %0A%0D sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a...
CVE-2005-4142
CVE-2005-4142 affects Lyris ListManager 5.0–8.8b. The vulnerability lies in the web-based subscription form where the pw parameter can be crafted to inject arbitrary list-administration commands via LFCR sequences, exploiting insufficient input sanitization. This can allow an unauthenticated atta...