VYPR
Vendor

Listar

Products
1
CVEs
8
Across products
8
Status
Private

Products

1

Recent CVEs

8
  • CVE-2025-12577MedDec 6, 2025
    risk 0.28cvss 4.3epss 0.00

    The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/wp-json/listar/v1/place/save' REST API endpoint in all versions up to, and including, 3.0.0. This…

  • CVE-2025-12574MedDec 6, 2025
    risk 0.28cvss 4.3epss 0.00

    The Listar – Directory Listing & Classifieds WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the '/wp-json/listar/v1/place/delete' REST API endpoint in all versions up to, and including, 3.0.0. This makes it…

  • CVE-2002-0468Aug 12, 2002
    risk 0.03cvss epss 0.01

    Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4)…

  • CVE-2021-41065Dec 14, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Listary through 6. An attacker can create a \\.\pipe\Listary.listaryService named pipe and wait for a privileged user to open a session on the Listary installed host. Listary will automatically access the named pipe and the attacker will be able to…

  • CVE-2021-41066Dec 14, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself (it will bypass UAC protection; there is no privilege validation of the current user…

  • CVE-2021-41067Dec 14, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in Listary through 6. Improper implementation of the update process leads to the download of software updates with a /check-update HTTP-based connection. This can be exploited with MITM techniques. Together with the lack of package validation, it can lead…

  • CVE-2002-0469Aug 12, 2002
    risk 0.00cvss epss 0.00

    Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTA's, which could allow local users to gain privileges.

  • CVE-2002-0467Aug 12, 2002
    risk 0.00cvss epss 0.06

    Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allows remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.