10 matches found
CVE-2019-15501
CVE-2019-15501 is a reflected cross-site scripting vulnerability in L-Soft LISTSERV prior to version 16.5-2018a. The flaw is triggered via the /scripts/wa.exe OK parameter, allowing an attacker to execute arbitrary JavaScript in the victim’s browser when the page is loaded. The CVE entry notes a ...
CVE-2022-39195
CVE-2022-39195 concerns LISTSERV 17 web interface vulnerability: a cross-site scripting (XSS) flaw allows remote attackers to inject arbitrary JavaScript/HTML via the c parameter. Exploitation could execute scripts in a user’s browser, potentially enabling cookie-based credential access or other ...
CVE-2023-27641
The CVE-2023-27641 vulnerability affects L-Soft LISTSERV, specifically wa.exe in LISTSERV 16.5 prior to version 17. The issue is a Cross-Site Scripting (XSS) flaw in the REPORT parameter (after z but before a) that can be triggered by a crafted URL. Impact described in connected sources includes ...
CVE-2022-40319
The CVE-2022-40319 affects LISTSERV 17 web interface and is an Insecure Direct Object Reference (IDOR) vulnerability where remotes can modify a victim’s account by altering the email in the wa.exe URL (e.g., wa.exe?INDEX&X&Y). Root cause is improper access control on user identifiers exposed via ...
CVE-1999-0252
The CVE-1999-0252 entry concerns a buffer overflow in Listserv that allows arbitrary command execution. Connected sources corroborate: Red Hat and CVE ecosystems reference a buffer overflow in Listserv enabling arbitrary command execution. EUVD-1999-0252 adds a malware note, but no explicit vendo...
CVE-2006-1044
CVE-2006-1044 affects LISTSERV 14.3/14.4 (including LISTSERV Lite and HPO) with the WA CGI web interface enabled. The CERT/NVD reports describe multiple buffer overflow vulnerabilities in the WA CGI component that could allow a remote attacker to execute arbitrary code on the affected system. The...
CVE-2000-0425
The CVE-2000-0425 describes a buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8, enabling remote attackers to execute arbitrary commands. Affected product: LISTSERV 1.8 (Web Archives component). Root cause: a buffer overflow likely due to improper input handling in the Web Arch...
CVE-2010-2723
CVE-2010-2723 describes a Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 that allows remote attackers to inject arbitrary web script or HTML via the T parameter. Affected software is LISTSERV 15 and LISTSERV 16; the underlying issue is an input handling flaw enabling script inject...
CVE-2005-1773
CVE-2005-1773 concerns multiple unknown vulnerabilities in L-Soft LISTSERV versions 14.3, 1.8e, and 1.8d. The remote vulnerability vector targets the Listserv web interface CGI, enabling remote attackers to execute arbitrary code or cause a denial of service. The provided connected documents conf...
CVE-2000-0632
The CVE-2000-0632 entry concerns a buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier. The vulnerability allows remote attackers to execute arbitrary commands via a long query string. Public sources (NVD/CVE records and CVE List) consistently describe this as a remot...