Search CVE reports
21 – 29 of 29 results
CVE-2007-1923
Medium priority(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB...
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | Not in release | Not in release | Not in release | Not in release | Vulnerable |
CVE-2007-1541
Unknown priorityDirectory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and...
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2007-1540
Unknown priorityDirectory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and...
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2007-1437
Unknown priorityUnspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by...
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2007-1436
Unknown priorityUnspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2007-1329
Medium priorityDirectory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2)...
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | Not in release | Not in release | Not in release | Ignored |
CVE-2007-0667
Medium priorityThe redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | Not in release | Not in release | Not in release | Ignored |
CVE-2006-4798
Unknown prioritySQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |
CVE-2006-4244
Unknown prioritySome fixes available 7 of 8
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user...
1 affected packages
sql-ledger
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
sql-ledger | — | — | — | — | — |