Lucene search
K
Lyris Technologies IncListmanager

6 matches found

CVE
CVE
added 2005/12/10 11:0 a.m.59 views

CVE-2005-4149

CVE-2005-4149 affects Lyris ListManager 8.8–8.9b, where remote attackers can trigger errors in TML scripts to leak sensitive data in diagnostic messages (installation path, SQL queries, product code). Impact is information disclosure via error messages exposed by normal requests to nonexistent pa...

5CVSS6.9AI score0.01388EPSS
CVE
CVE
added 2005/12/10 11:0 a.m.56 views

CVE-2005-4148

CVE-2005-4148 affects Lyris ListManager 8.5 and possibly earlier than 8.8. The flaw is an information disclosure where sensitive data is exposed via an env hidden variable; a remote attacker can cause the server to return a non-existent page and read the env variable from the error page, revealin...

5CVSS6.2AI score0.0178EPSS
CVE
CVE
added 2005/12/10 11:0 a.m.54 views

CVE-2005-4147

The TCLHTTPd component of Lyris ListManager (pre-8.9b) is vulnerable: remote attackers can obtain source code for arbitrary .tml TCL files via a request containing a trailing null byte (%00), with a possible authentication bypass involving a username ending in “@”. Affected product/version: ListM...

6.5CVSS7.3AI score0.01918EPSS
CVE
CVE
added 2005/12/10 11:0 a.m.53 views

CVE-2005-4145

Lyris ListManager MSDE (MSDE-backed ListManager 5.0–8.9b) exposes a weak sa password: “lyris” followed by up to five digits (likely the installer’s process ID). This enables remote brute-force access to the SA account in the SQL Server backend, allowing database administrator access. Public sourc...

6.5CVSS7.1AI score0.43919EPSS
CVE
CVE
added 2005/12/10 11:0 a.m.52 views

CVE-2005-4142

CVE-2005-4142 affects Lyris ListManager 5.0–8.8b. The vulnerability lies in the web-based subscription form where the pw parameter can be crafted to inject arbitrary list-administration commands via LFCR sequences, exploiting insufficient input sanitization. This can allow an unauthenticated atta...

7.5CVSS7.9AI score0.03014EPSS
CVE
CVE
added 2005/12/10 11:0 a.m.49 views

CVE-2005-4146

CVE-2005-4146 affects Lyris ListManager prior to version 8.9b. The vulnerability resides in the TCLHTTPd status module, which can be queried remotely to disclose sensitive server configuration information. The issue enables an unauthenticated, remote attacker to obtain partial confidentiality imp...

5CVSS6.2AI score0.01578EPSS