Code injection
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length...
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length...
CVE-2008-4078
SQL injection in the AR/AP transaction report affects LedgerSMB < 1.2.15 and SQL-Ledger
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length...
CVE-2008-4077
LedgerSMB pre-1.2.15 and SQL-Ledger 2.8.17 and earlier are affected by CVE-2008-4077. The issue arises in the CGI scripts, where an HTTP POST with a large Content-Length can cause resource exhaustion (DoS). The vulnerability is exploited remotely via crafted requests to the CGI endpoints. Remedia...
PT-2008-5380 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.2.15; SQL-Ledger versions 2.8.17 and earlier. Description: The issue allows remote attackers to cause a denial of service, specifically resource exhaustion, via an HTTP POST request with a large Content-Length. Thi...
Multiple Vulnerabilities: LedgerSMB < 1.2.15
Multiple vulnerabilities: LedgerSMB. Synopsis: Two vulnerabilities announced in LedgerSMB for versions prior to 1.2.15. Status: Corrected in version 1.2.15 and later (vendor fix available). Impact: Resource exhaustion on server, arbitrary SQL command execution. Other software affected: SQL-Ledger, al...
FreeBSD Ports: sql-ledger
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: sql-ledger
The remote host is missing an update to the system as announced in the referenced advisory. VID 8e02441d-d39c-11db-a6da-0003476f14d3. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: sql-ledger
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: sql-ledger
The remote host is missing an update to the system as announced in the referenced advisory. VID 0679deeb-8eaf-11db-abc9-0003476f14d3. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright: Copyright (c) 2008 E-Soft Inc...
Debian: Security Advisory (DSA-1239-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Debian Security Advisory DSA 1239-1 (sql-ledger)
The remote host is missing an update to sql-ledger announced via advisory DSA 1239-1. Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project...
DEBIAN-CVE-2007-5372
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field...
CVE-2007-5372
The CVE-2007-5372 entry documents multiple SQL injection vulnerabilities in LedgerSMB (1.0.0–1.2.7) and DWS Systems SQL-Ledger (2.x), allowing remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. Affected components and exact root cause are ...
CVE-2007-5372
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field...
SQL-Ledger < 2.6.27 Multiple Fields SQL Injection
LedgerSMB < 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues
Severity: Critical. Effect: Compromise of financial data, deletion of audit trails, alteration of system settings, disclosure of confidential information possible in some setups. Affected products: LedgerSMB 1.0.0-1.2.7, SQL-Ledger 2.x all versions. 1: SQL injection issue in invoice quantity fiel...