ListManager < 9.3b / 9.2c / 8.95d Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 4399 (Severity: High)

Synopsis

The remote web server is affected by multiple vulnerabilities.

Description

The remote host is running ListManager, a web-based commercial mailing list management application from Lyris. According to its banner, the installed version of ListManager relies on client-side code to validate unspecified form parameters before processing them. An attacker who is subscribed to a list managed by the affected application can reportedly leverage this issue to elevate their privileges to list administrator or to gain access to arbitrary mailing lists. In addition, once administrative access has been granted, another vulnerability in ListManager's administrative interface allows the creation of new accounts that collide with existing accounts, which overwrites data in the existing accounts.

Solution

Upgrade to version 9.3b / 9.2c / 8.95d or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2008-02/0307.html

Plugin Details

Severity: High

ID: 4399

File Name: 4399.prm

Family: CGI

Published: 2008/02/22

Modified: 2016/01/15

Dependencies: 1442

Nessus ID: 31134

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2007-6319

BID: 26792