Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Listmanager | Lyris_technologies_inc | 5.0 (including) | 5.0 (including) |
| Listmanager | Lyris_technologies_inc | 6.0 (including) | 6.0 (including) |
| Listmanager | Lyris_technologies_inc | 7.0 (including) | 7.0 (including) |
| Listmanager | Lyris_technologies_inc | 8.0 (including) | 8.0 (including) |
| Listmanager | Lyris_technologies_inc | 8.8a (including) | 8.8a (including) |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
- http://metasploit.com/research/vulns/lyris_listmanager/
- http://secunia.com/advisories/17943
- http://www.securityfocus.com/archive/1/419077/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2820
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
- http://metasploit.com/research/vulns/lyris_listmanager/
- http://secunia.com/advisories/17943
- http://www.securityfocus.com/archive/1/419077/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2820