Lucene search
+L

205 matches found

OSV
OSV
added 2008/09/15 3:14 p.m.5 views

CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

8.2AI score
Exploits0References9
OSV
OSV
added 2008/09/15 3:14 p.m.10 views

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

6.9AI score
Exploits0References9
OSV
OSV
added 2008/09/15 3:14 p.m.4 views

DEBIAN-CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS8.5AI score0.01624EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2008/09/15 3:14 p.m.16 views

CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS6.2AI score0.01624EPSS
Exploits0References1
Prion
Prion
added 2008/09/15 3:14 p.m.12 views

Sql injection

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS8.5AI score0.01624EPSS
Exploits0References6Affected Software2
Prion
Prion
added 2008/09/15 3:14 p.m.15 views

Code injection

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

7.8CVSS7.2AI score0.02831EPSS
Exploits0References6Affected Software2
CVE
CVE
added 2008/09/15 3:0 p.m.44 views

CVE-2008-4078

SQL injection in the AR/AP transaction report affects LedgerSMB < 1.2.15 and SQL-Ledger

6.5CVSS7.9AI score0.01624EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2008/09/15 3:0 p.m.17 views

CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

7.9AI score0.01624EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2008/09/15 3:0 p.m.21 views

CVE-2008-4078

SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5CVSS6.1AI score0.01624EPSS
Exploits0
Cvelist
Cvelist
added 2008/09/15 3:0 p.m.23 views

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

6.6AI score0.02831EPSS
Exploits0References6
Debian CVE
Debian CVE
added 2008/09/15 3:0 p.m.18 views

CVE-2008-4077

The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...

7.8CVSS3.6AI score0.02831EPSS
Exploits0
CVE
CVE
added 2008/09/15 3:0 p.m.48 views

CVE-2008-4077

LedgerSMB pre-1.2.15 and SQL-Ledger 2.8.17 and earlier are affected by CVE-2008-4077. The issue arises in the CGI scripts, where an HTTP POST with a large Content-Length can cause resource exhaustion (DoS). The vulnerability is exploited remotely via crafted requests to the CGI endpoints. Remedia...

7.8CVSS6.6AI score0.02831EPSS
Exploits0References6Affected Software2
Positive Technologies
Positive Technologies
added 2008/09/15 12:0 a.m.4 views

PT-2008-5381 · Ledgersmb +2 · Ledgersmb +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions prior to 2.8.18 Description: The issue allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. This is a SQL injection vulnerability in the AR/AP...

6.5CVSS7.7AI score0.01624EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2008/09/15 12:0 a.m.10 views

PT-2008-5380 · Ledgersmb +2 · Ledgersmb +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15 SQL-Ledger versions 2.8.17 and earlier Description: The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. Thi...

7.8CVSS6.7AI score0.02831EPSS
Exploits0References13
seebug.org
seebug.org
added 2008/09/14 12:0 a.m.15 views

LedgerSMB 1.2.15之前版本存在多个漏洞

BUGTRAQ ID: 31109 CNCAN ID:CNCAN-2008091102 LedgerSMB是一款开源的ERP系统。 LedgerSMB存在多个输入验证问题,远程攻击者可以利用漏洞消耗大量资源,破坏应用程序或访问修改数据。 1,CGI脚本从$ENVCONTENTLENGTH中读取查询字符串,允许POST大量数据而导致拒绝服务攻击,此漏洞无需验证。 2,AR/AP事务报告存在SQL注入,在生成报告时对参数缺少充分过滤,可导致任意SQL注入到查询中。 LedgerSMB LedgerSMB 1.2.8 LedgerSMB LedgerSMB 1.2.7 LedgerSMB...

6.9AI score
Exploits0
securityvulns
securityvulns
added 2008/09/10 12:0 a.m.41 views

Multiple Vulnerabilities: LedgerSMB < 1.2.15

Multiple vulnerabilities: LedgerSMB Synopsis: Two vulnerabilities announced in LedgerSMB for versions prior to 1.2.15 Status: Corrected in version 1.2.15 and later vendor fix available. Impact: Resource exhaustion on server, arbitrary SQL command execution. Other software affected: SQL-Ledger, al...

2.3AI score
Exploits0
OSV
OSV
added 2007/10/11 10:17 a.m.4 views

DEBIAN-CVE-2007-5372

Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...

10CVSS8.8AI score0.02407EPSS
Exploits0References1
NVD
NVD
added 2007/10/11 10:17 a.m.16 views

CVE-2007-5372

Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...

10CVSS8.5AI score0.02407EPSS
Exploits0References11
Prion
Prion
added 2007/10/11 10:17 a.m.24 views

Sql injection

Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...

10CVSS9.2AI score0.02407EPSS
Exploits0References11Affected Software2
OSV
OSV
added 2007/10/11 10:17 a.m.7 views

CVE-2007-5372

Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...

8.8AI score
Exploits0References11
Rows per page
Query Builder