Search CVE reports
11 – 20 of 29 results
CVE-2009-3584
Low priority
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2009-3583
Medium priority
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2009-3582
Medium priority
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output...
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2009-3581
Low priority
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for...
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2009-3580
Medium priority
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password,...
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2008-4078
Medium priority
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2008-4077
Medium priority
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
1 affected package
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2007-5156
Medium priority
Some fixes available 2 of 3
Incomplete blacklist vulnerability in editor/filemanager/upload/php/upload.php in FCKeditor, as used in SiteX CMS 0.7.3.beta, La-Nai CMS, Syntax CMS, Cardinal Cms, and probably other products, allows remote attackers to upload and...
1 affected package
knowledgeroot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
knowledgeroot | — | — | — | — | — |
CVE-2007-3215
Unknown priority
Some fixes available 25 of 38
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
8 affected packages
flyspray, glpi, ipplan, knowledgeroot, libphp-phpmailer...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
flyspray | — | — | — | — | — |
glpi | — | — | — | — | — |
ipplan | — | — | — | — | — |
knowledgeroot | — | — | — | — | — |
libphp-phpmailer | — | — | — | — | — |
moodle | — | — | — | — | — |
owl-dms | — | — | — | — | — |
wordpress | — | — | — | — | — |
CVE-2007-3163
Unknown priority
Some fixes available 2 of 3
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by...
1 affected package
knowledgeroot
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
knowledgeroot | — | — | — | — | — |