205 matches found
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
DEBIAN-CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
Code injection
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4078
SQL injection in the AR/AP transaction report affects LedgerSMB < 1.2.15 and SQL-Ledger
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4077
LedgerSMB pre-1.2.15 and SQL-Ledger 2.8.17 and earlier are affected by CVE-2008-4077. The issue arises in the CGI scripts, where an HTTP POST with a large Content-Length can cause resource exhaustion (DoS). The vulnerability is exploited remotely via crafted requests to the CGI endpoints. Remedia...
PT-2008-5381 · Ledgersmb +2 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions prior to 2.8.18 Description: The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This is a SQL injection vulnerability in the AR/AP...
PT-2008-5380 · Ledgersmb +2 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions 2.8.17 and earlier Description: The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. Thi...
LedgerSMB 1.2.15之前版本存在多个漏洞
BUGTRAQ ID: 31109 CNCAN ID:CNCAN-2008091102 LedgerSMB是一款开源的ERP系统。 LedgerSMB存在多个输入验证问题,远程攻击者可以利用漏洞消耗大量资源,破坏应用程序或访问修改数据。 1,CGI脚本从$ENVCONTENTLENGTH中读取查询字符串,允许POST大量数据而导致拒绝服务攻击,此漏洞无需验证。 2,AR/AP事务报告存在SQL注入,在生成报告时对参数缺少充分过滤,可导致任意SQL注入到查询中。 LedgerSMB LedgerSMB 1.2.8 LedgerSMB LedgerSMB 1.2.7 LedgerSMB...
Multiple Vulnerabilities: LedgerSMB < 1.2.15
Multiple vulnerabilities: LedgerSMB Synopsis: Two vulnerabilities announced in LedgerSMB for versions prior to 1.2.15 Status: Corrected in version 1.2.15 and later vendor fix available. Impact: Resource exhaustion on server, arbitrary SQL command execution. Other software affected: SQL-Ledger, al...
DEBIAN-CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
Sql injection
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...