{"api_version":"1","generated_at":"2026-07-03T23:45:02+00:00","cve":"CVE-2006-1044","urls":{"html":"https://cve.report/CVE-2006-1044","api":"https://cve.report/api/cve/CVE-2006-1044.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-1044","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-1044"},"summary":{"title":"CVE-2006-1044","description":"Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI.  NOTE: technical details will be released after the grace period has ended on 20060603.","state":"PUBLISHED","assigner":"mitre","published_at":"2006-03-07 11:02:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"7.5","severity":"","vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"http://securitytracker.com/id?1015722","name":"http://securitytracker.com/id?1015722","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"SecurityTracker.com Archives - LISTSERV Web Archive Interface Unspecified Bugs Let Remote Users Execute Arbitrary Code","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/16951","name":"http://www.securityfocus.com/bid/16951","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"L-Soft Listserv 14.3 and 14.4 Multiple Unspecified Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securityfocus.com/archive/1/426770/100/0/threaded","name":"http://www.securityfocus.com/archive/1/426770/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert","name":"http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ngssoftware.com/advisories/listserv_3.txt","name":"http://www.ngssoftware.com/advisories/listserv_3.txt","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Advisories - Research - Next Generation Security Software","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.vupen.com/english/advisories/2006/0824","name":"http://www.vupen.com/english/advisories/2006/0824","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Webmail : Solution de messagerie professionnelle - OVHcloud- OVH","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/841132","name":"http://www.kb.cert.org/vuls/id/841132","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"US-CERT Vulnerability Note VU#841132","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/19106","name":"http://secunia.com/advisories/19106","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"LISTSERV WA CGI Script Buffer Overflow Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25168","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25168","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-1044","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-1044","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"1044","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lsoft","cpe5":"listserv","cpe6":"14.3","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"1044","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"lsoft","cpe5":"listserv","cpe6":"14.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2006","cve_id":"1044","cve":"CVE-2006-1044","epss":"0.251300000","percentile":"0.961890000","score_date":"2026-04-16","updated_at":"2026-04-17 00:09:25"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T16:56:14.706Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"listserv-wa-cgi-bo(25168)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25168"},{"name":"VU#841132","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/841132"},{"name":"20060304 Critical Risk Vulnerability in L-Soft Listserv","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/426770/100/0/threaded"},{"name":"19106","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/19106"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.ngssoftware.com/advisories/listserv_3.txt"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert"},{"name":"1015722","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://securitytracker.com/id?1015722"},{"name":"ADV-2006-0824","tags":["vdb-entry","x_refsource_VUPEN","x_transferred"],"url":"http://www.vupen.com/english/advisories/2006/0824"},{"name":"16951","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/16951"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-03-04T00:00:00.000Z","descriptions":[{"lang":"en","value":"Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI.  NOTE: technical details will be released after the grace period has ended on 20060603."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-18T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"listserv-wa-cgi-bo(25168)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25168"},{"name":"VU#841132","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/841132"},{"name":"20060304 Critical Risk Vulnerability in L-Soft Listserv","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/426770/100/0/threaded"},{"name":"19106","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/19106"},{"tags":["x_refsource_MISC"],"url":"http://www.ngssoftware.com/advisories/listserv_3.txt"},{"tags":["x_refsource_CONFIRM"],"url":"http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert"},{"name":"1015722","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://securitytracker.com/id?1015722"},{"name":"ADV-2006-0824","tags":["vdb-entry","x_refsource_VUPEN"],"url":"http://www.vupen.com/english/advisories/2006/0824"},{"name":"16951","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/16951"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2006-1044","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI.  NOTE: technical details will be released after the grace period has ended on 20060603."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"listserv-wa-cgi-bo(25168)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/25168"},{"name":"VU#841132","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/841132"},{"name":"20060304 Critical Risk Vulnerability in L-Soft Listserv","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/426770/100/0/threaded"},{"name":"19106","refsource":"SECUNIA","url":"http://secunia.com/advisories/19106"},{"name":"http://www.ngssoftware.com/advisories/listserv_3.txt","refsource":"MISC","url":"http://www.ngssoftware.com/advisories/listserv_3.txt"},{"name":"http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert","refsource":"CONFIRM","url":"http://www.lsoft.com/manuals/1.8e/relnotes/LISTSERV14.5-Release-Notes.html#wasecurityalert"},{"name":"1015722","refsource":"SECTRACK","url":"http://securitytracker.com/id?1015722"},{"name":"ADV-2006-0824","refsource":"VUPEN","url":"http://www.vupen.com/english/advisories/2006/0824"},{"name":"16951","refsource":"BID","url":"http://www.securityfocus.com/bid/16951"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2006-1044","datePublished":"2006-03-07T11:00:00.000Z","dateReserved":"2006-03-07T00:00:00.000Z","dateUpdated":"2024-08-07T16:56:14.706Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-03-07 11:02:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lsoft:listserv:14.3:*:*:*:*:*:*:*","matchCriteriaId":"6691A12F-371D-45FA-922D-D026BB2CFFCC"},{"vulnerable":true,"criteria":"cpe:2.3:a:lsoft:listserv:14.4:*:*:*:*:*:*:*","matchCriteriaId":"16931727-BA58-4E3A-9C2B-CF998CE654BD"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"1044","Ordinal":"1","Title":"CVE-2006-1044","CVE":"CVE-2006-1044","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"1044","Ordinal":"1","NoteData":"Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI.  NOTE: technical details will be released after the grace period has ended on 20060603.","Type":"Description","Title":"CVE-2006-1044"},{"CveYear":"2006","CveId":"1044","Ordinal":"2","NoteData":"2006-03-07","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"1044","Ordinal":"3","NoteData":"2018-10-18","Type":"Other","Title":"Modified"}]}}}