---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Lyris ListManager Multiple Vulnerabilities SECUNIA ADVISORY ID: SA36823 VERIFY ADVISORY: http://secunia.com/advisories/36823/ DESCRIPTION: Some weaknesses and some vulnerabilities have been reported in Lyris ListManager, which can be exploited by malicious people to disclose system information and conduct cross-site scripting or cross-site request forgery attacks. 1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. initiate a file upload to another site when a logged-in administrator visits a malicious web page. 2) Input passed to various parameters in various scripts (e.g. the "page" parameter in read/attach_file.tml, read/attachment_too_large.tml, and read/confirm_file_attach.tml, to the "emailaddr" parameter in read/login/ndex.tml and read/login/sent_password.tml, the "list" parameter in subscribe/subscribe, and the "max" parameter in utilities/db/showsql) is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. 3) Certain error messages include system information (e.g. the path to the web root directory or ListManager and SQL server versions). 4) Different messages are returned depending on whether a password recovery attempt is performed with a valid or invalid username. This can be exploited to identify valid usernames via multiple password recovery attempts. SOLUTION: Filter malicious characters and character sequences using a proxy. Do not visit other web sites while being logged-in to ListManager. PROVIDED AND/OR DISCOVERED BY: Richard Brain and Adrian Pastor, ProCheckUp Ltd ORIGINAL ADVISORY: http://www.procheckup.com/vulnerability_manager/documents/document_1254179990_572/New_Listmanager_paper_v2.pdf ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------