Lsoft

lsoft

10 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-27641 1Lsoft 1Listserv Nov 21, 2024 Mar 5, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.
CVE-2022-40319 1Lsoft 1Listserv Apr 4, 2025 Jan 17, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSE...Show more The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account.Show less
CVE-2022-39195 1Lsoft 1Listserv Apr 4, 2025 Jan 17, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter.
CVE-2019-15501 1Lsoft 1Listserv Nov 21, 2024 Aug 26, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
CVE-2010-2723 1Lsoft 1Listserv Apr 29, 2026 Jul 13, 2010 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obt...Show more Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2006-1044 1Lsoft 1Listserv Apr 16, 2026 Mar 7, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA...Show more Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.Show less
CVE-2005-1773 1Lsoft 1Listserv Apr 16, 2026 May 31, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise t...Show more Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available.Show less
CVE-2000-0632 1Lsoft 1Listserv Apr 16, 2026 Jul 17, 2000 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.
CVE-2000-0425 1Lsoft 1Listserv Apr 16, 2026 May 3, 2000 N/A· v4 N/A· v3 10.0 HIGH· v2 Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
CVE-1999-0252 1Lsoft 1Listserv Apr 16, 2026 Jan 1, 1997 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in listserv allows arbitrary command execution.