Vulnerabilities > Lsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-05 | CVE-2023-27641 | Cross-site Scripting vulnerability in Lsoft Listserv The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | 6.1 |
| 2023-01-17 | CVE-2022-39195 | Cross-site Scripting vulnerability in Lsoft Listserv 17.0 A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. | 6.1 |
| 2023-01-17 | CVE-2022-40319 | Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0 The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. | 7.5 |
| 2019-08-26 | CVE-2019-15501 | Cross-site Scripting vulnerability in Lsoft Listserv Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | 4.3 |
| 2010-07-13 | CVE-2010-2723 | Cross-Site Scripting vulnerability in Lsoft Listserv 15.0/16.0 Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. | 4.3 |
| 2006-03-07 | CVE-2006-1044 | Multiple Unspecified vulnerability in Lsoft Listserv 14.3/14.4 Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. | 7.5 |
| 2005-05-31 | CVE-2005-1773 | Multiple Unspecified vulnerability in L-Soft Listserv 1.8D/1.8E/14.3 Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. | 7.5 |
| 2000-07-17 | CVE-2000-0632 | Unspecified vulnerability in Lsoft Listserv 1.8C/1.8D Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. | 7.5 |
| 2000-05-03 | CVE-2000-0425 | Unspecified vulnerability in Lsoft Listserv 1.8 Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. | 10.0 |
| 1997-01-01 | CVE-1999-0252 | Unspecified vulnerability in Lsoft Listserv Buffer overflow in listserv allows arbitrary command execution. | 7.5 |