Lucene search
Chris MurtaghEDB-ID:28514HistorySep 12, 2006 - 12:00 a.m.
SQL-Ledger 2.6.x/LedgerSMB 1.0 - 'Terminal' Directory Traversal
2006-09-1200:00:00
Chris Murtagh
www.exploit-db.com
27
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/19960/info
SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability.
An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process.
The attacker may be able to use the application's built-in text editor to alter a local file and exploit this issue to execute arbitrary code. This may facilitate a compromise of the vulnerable computer.
SQL-Ledger version 2.6.18 and LedgerSMB version 1.0.0 are vulnerable to this issue.
http://www.example.com/path/login.pl?terminal=../cssRelated
debiancve
debiancve
CVE-2006-4731
2006-09-13 00:07:00
cve
cve
CVE-2006-4731
2006-09-13 00:07:00
nvd
nvd
CVE-2006-4731
2006-09-13 00:07:00
cvelist
cvelist
CVE-2006-4731
2006-09-13 00:00:00
nessus
nessus
FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)
2006-12-30 00:00:00
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
2006-12-18 00:00:00
openvas
openvas
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1239-1)
2008-01-17 00:00:00
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
debian
debian
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
2006-12-17 15:21:18
osv
osv
sql-ledger
2006-12-17 00:00:00
freebsd
freebsd
sql-ledger -- multiple vulnerabilities
2006-12-17 00:00:00