Vulnerabilities > CVE-2003-0162 - Unspecified vulnerability in Ecartis 1.0.0Snapshot20021013
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-271.NASL description A problem has been discovered in ecartis, a mailing list manager, formerly known as listar. This vulnerability enables an attacker to reset the password of any user defined on the list server, including the list admins. last seen 2020-06-01 modified 2020-06-02 plugin id 15108 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15108 title Debian DSA-271-1 : ecartis - unauthorized password change NASL family CGI abuses NASL id ECARTIS_HIDDEN_USERNAME.NASL description The remote host is running the Ecartis Mailing List Manager web interface (lsg2.cgi). According to its version number, there is a vulnerability that allows an authenticated user to change anyone last seen 2020-06-01 modified 2020-06-02 plugin id 11505 published 2003-03-30 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11505 title Ecartis HTML Field Manipulation Arbitrary User Password Reset