彙總 lsoft 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
歷史漏洞主要涉及 跨站腳本、緩衝區溢位與拒絕服務 等問題,部分漏洞可能導致 工作階段劫持,並影響 生產負載與軟體部署 相關場景。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-27641 | The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. | [email protected] | 6.1 | 1.09% | 2023-03-05 | 2026-06-17 |
| CVE-2022-40319 | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. The impact is unauthorized modification of a victim's LISTSERV account. | [email protected] | 7.5 | 7.20% | 2023-01-17 | 2026-06-17 |
| CVE-2022-39195 | A cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the c parameter. | [email protected] | 6.1 | 6.31% | 2023-01-17 | 2026-06-17 |
| CVE-2019-15501 | Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | [email protected] | 6.1 | 8.18% | 2019-08-26 | 2026-06-16 |
| CVE-2010-2723 | Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows remote attackers to inject arbitrary web script or HTML via the T parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | [email protected] | 4.3 | 0.84% | 2010-07-13 | 2026-06-16 |
| CVE-2006-1044 | Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603. | [email protected] | 7.5 | 7.49% | 2006-03-07 | 2026-06-16 |
| CVE-2005-1773 | Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. | [email protected] | 7.5 | 2.69% | 2005-05-31 | 2026-06-16 |
| CVE-2000-0632 | Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string. | [email protected] | 7.5 | 3.57% | 2000-07-17 | 2026-06-16 |
| CVE-2000-0425 | Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands. | [email protected] | 10.0 | 5.79% | 2000-05-03 | 2026-06-16 |
| CVE-1999-0252 | Buffer overflow in listserv allows arbitrary command execution. | [email protected] | 7.5 | 2.86% | 1997-01-01 | 2026-06-16 |