
Search CVE reports



11 – 20 of 29 results


CVE-2009-3584

Low priority
Vulnerable

SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Not in release Vulnerable

CVE-2009-3583

Medium priority
Vulnerable

Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Not in release Vulnerable

CVE-2009-3582

Medium priority
Vulnerable

Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output...

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Not in release Vulnerable

CVE-2009-3581

Low priority
Vulnerable

Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for...

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Not in release Vulnerable

CVE-2009-3580

Medium priority
Vulnerable

Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password,...

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Not in release Vulnerable

CVE-2008-4078

Medium priority
Ignored

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger

CVE-2008-4077

Medium priority
Ignored

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.

1 affected package

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger

CVE-2007-5156

Medium priority

Some fixes available 2 of 3

Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and...

1 affected package

knowledgeroot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
knowledgeroot

CVE-2007-3215

Unknown priority

Some fixes available 25 of 38

PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

8 affected packages

flyspray, glpi, ipplan, knowledgeroot, libphp-phpmailer...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
flyspray
glpi
ipplan
knowledgeroot
libphp-phpmailer
moodle
owl-dms
wordpress

CVE-2007-3163

Unknown priority

Some fixes available 2 of 3

Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by...

1 affected package

knowledgeroot

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
knowledgeroot