Vulnerabilities

CVE-2005-4142

by Fred · 10/12/2005

The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in the pw parameter. NOTE: it is not clear whether this is a variant of a CRLF injection vulnerability.

Date published : 2005-12-10

http://www.securityfocus.com/bid/15786

http://www.securityfocus.com/archive/1/419077/100/0/threaded

Similar

Tags: Cybersecurity Alert