Lsoft: >> Listserv >> 14.4 Security Vulnerabilities
The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL.
CVSS Score
6.1
EPSS Score
0.328
Published
2023-03-05
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
CVSS Score
6.1
EPSS Score
0.152
Published
2019-08-26
Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.
CVSS Score
7.5
EPSS Score
0.251
Published
2006-03-07
Buffer overflow in listserv allows arbitrary command execution.
CVSS Score
7.5
EPSS Score
0.009
Published
1997-01-01