cbcvebase.

Lsoft Listserv vulnerabilities

9 known vulnerabilities affecting lsoft/listserv.

Total CVEs
9
CISA KEV
0
Public exploits
5
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH4MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2022-40319P3HIGHCVSS 7.5PoCv17.02023-01-17
CVE-2022-40319 [HIGH] CWE-639 CVE-2022-40319: The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References ( The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.
nvd
CVE-2019-15501P3MEDIUMCVSS 6.1PoCfixed in 16.5-2018a2019-08-26
CVE-2019-15501 [MEDIUM] CWE-79 CVE-2019-15501: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
nvd
CVE-2022-39195P3MEDIUMCVSS 6.1PoCv17.02023-01-17
CVE-2022-39195 [MEDIUM] CWE-79 CVE-2022-39195: A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.
nvd
CVE-2000-0425P3CRITICALCVSS 10.0PoCv1.82000-05-03
CVE-2000-0425 [CRITICAL] CVE-2000-0425: Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to exec Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
nvd
CVE-2023-27641P3MEDIUMCVSS 6.1PoCfixed in 17.02023-03-05
CVE-2023-27641 [MEDIUM] CWE-79 CVE-2023-27641: The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an at The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.
nvd
CVE-2006-1044P3HIGHCVSS 7.5v14.3v14.42006-03-07
CVE-2006-1044 [HIGH] CVE-2006-1044: Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web a Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.
nvd
CVE-2005-1773P4HIGHCVSS 7.5v1.8dv1.8e+1 more2005-05-31
CVE-2005-1773 [HIGH] CVE-2005-1773: Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to e Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available.
nvd
CVE-2000-0632P4HIGHCVSS 7.5v1.8cv1.8d2000-07-17
CVE-2000-0632 [HIGH] CVE-2000-0632: Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attac Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.
nvd
CVE-2010-2723P4MEDIUMCVSS 4.3v15.0v16.02010-07-13
CVE-2010-2723 [MEDIUM] CWE-79 CVE-2010-2723: Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arb Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
nvd
Lsoft Listserv vulnerabilities | cvebase