Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports


Toggle filters

21 – 29 of 29 results


CVE-2007-1923

Medium priority
Vulnerable

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB...

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Not in release Vulnerable
Show less packages

CVE-2007-1541

Unknown priority
Ignored

Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and...

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger
Show less packages

CVE-2007-1540

Unknown priority
Ignored

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and...

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger
Show less packages

CVE-2007-1437

Unknown priority
Ignored

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by...

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger
Show less packages

CVE-2007-1436

Unknown priority
Ignored

Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger
Show less packages

CVE-2007-1329

Medium priority
Ignored

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2)...

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Ignored
Show less packages

CVE-2007-0667

Medium priority
Ignored

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger Not in release Not in release Not in release Ignored
Show less packages

CVE-2006-4798

Unknown priority
Fixed

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger
Show less packages

CVE-2006-4244

Unknown priority

Some fixes available 7 of 8

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user...

1 affected packages

sql-ledger

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sql-ledger
Show less packages