SmartList ListManager Arbitrary List Addition Vulnerability
BID:13474
Info
SmartList ListManager Arbitrary List Addition Vulnerability
| Bugtraq ID: | 13474 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-0157 |
| Remote: | Yes |
| Local: | No |
| Published: | May 03 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Jeroen van Wolffelaar is credited with the discovery of this vulnerability. |
| Vulnerable: |
Smartlist Smartlist 3.15 |
| Not Vulnerable: | |
Discussion
SmartList ListManager Arbitrary List Addition Vulnerability
Smartlist could allow arbitrary email addresses to be added to a mailing list. This issue is due to a vulnerability in the confirm add-on function of Smartlist. The function can be tricked, thus permitting the addition of arbitrary addresses to the list.
Smartlist could allow arbitrary email addresses to be added to a mailing list. This issue is due to a vulnerability in the confirm add-on function of Smartlist. The function can be tricked, thus permitting the addition of arbitrary addresses to the list.
Exploit / POC
SmartList ListManager Arbitrary List Addition Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
SmartList ListManager Arbitrary List Addition Vulnerability
Solution:
Debian Linux has released advisory DSA 720-1 to address this issue. Please see the referenced advisory for details on obtaining and applying updates.
Solution:
Debian Linux has released advisory DSA 720-1 to address this issue. Please see the referenced advisory for details on obtaining and applying updates.
References
SmartList ListManager Arbitrary List Addition Vulnerability
References:
References:
- Smartlist Homepage (Smartlist)