Vulnerability Description
Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in diagnostic messages.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Lyris Technologies Inc | Listmanager | 5.0 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
- http://metasploit.com/research/vulns/lyris_listmanager/
- http://secunia.com/advisories/17943Vendor Advisory
- http://www.securityfocus.com/archive/1/419077/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2820
- http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0349.html
- http://metasploit.com/research/vulns/lyris_listmanager/
- http://secunia.com/advisories/17943Vendor Advisory
- http://www.securityfocus.com/archive/1/419077/100/0/threaded
- http://www.vupen.com/english/advisories/2005/2820
FAQ
What is CVE-2005-4149?
CVE-2005-4149 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries...
How severe is CVE-2005-4149?
CVE-2005-4149 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4149?
Check the references section above for vendor advisories and patch information. Affected products include: Lyris Technologies Inc Listmanager.