Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2005-4144
Last Modified: 07 Mar 2011 09:27:45
Published: 10 Dec 2005 06:03:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-4144

Summary

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters, which are interpreted as whitespace.

Vulnerable Systems

Application

  • Lyris List Manager 5.0

  • Lyris List Manager 6.0

  • Lyris List Manager 7.0

  • Lyris List Manager 8.0

  • Lyris List Manager 8.8a


References

BID - 15787

OSVDB - 21549

SECUNIA - 17943

VUPEN - ADV-2005-2820

MISC - http://metasploit.com/research/vulns/lyris_listmanager/

FULLDISC - 20051208 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer

BUGTRAQ - 20051209 PGP Wipe Free Space, Lyris ListManager Flaws, Windows Timestamps, Sam Juicer


Last Updated: 27 May 2016 10:41:12