228 matches found
CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
Improper access control
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
UBUNTU-CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
DEBIAN-CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
PT-2007-3268 · Dws Systems +2 · Sql-Ledger +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.3.0 DWS Systems SQL-Ledger affected versions not specified Description: The issue allows remote attackers to access restricted functionality via direct requests, as access control lists are implemented by changin...
CVE-2007-1923
LedgerSMB and DWS Systems SQL-Ledger are affected by CVE-2007-1923 due to access-control weaknesses that let remote attackers access restricted functionality by directly requesting URLs. Affected LedgerSMB versions are prior to 1.3.0; PT-2007-3268 recommends upgrading LedgerSMB to 1.3.0 or later....
CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
ACLS ineffective in SQL-Ledger and LedgerSMB
Hi all; I have decided to finally send to this list a serious security flaw in the design of SQL-Ledger all versions. LedgerSMB all versions is also affected but the problem with a workaround has been mentioned in our documentation since the fork. Ordinarily I would not make a big deal out of thi...
LedgerSMB/SQL-Ledger login本地文件包含和验证绕过漏洞
SQL-Ledger/LedgerSMB是开源的ERP系统。 SQL-Ledger/LedgerSMB不正确过滤用户提交的输入,远程攻击者可以利用漏洞以WEB权限查看系统文件内容。 问题是'am.pl'脚本对用户提交的'login'参数缺少过滤,提交恶意脚本代码作为参数数据,并诱使用户访问,可导致获得目标用户敏感信息。 SQL-Ledger SQL-Ledger 2.6.26 SQL-Ledger SQL-Ledger 2.6.25 SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledge...
CVE-2007-1541
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL %00 character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence in the login paramete...
CVE-2007-1541
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL %00 character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence in the login paramete...
DEBIAN-CVE-2007-1540
Directory traversal vulnerability in am.pl in 1 SQL-Ledger 2.6.27 and earlier, and 2 LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence and trailing NULL %00 in the login parameter. NOTE: this issue was reportedly...
CVE-2007-1540
Directory traversal vulnerability in am.pl in 1 SQL-Ledger 2.6.27 and earlier, and 2 LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence and trailing NULL %00 in the login parameter. NOTE: this issue was reportedly...
Directory traversal
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL %00 character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence in the login paramete...
Directory traversal
Directory traversal vulnerability in am.pl in 1 SQL-Ledger 2.6.27 and earlier, and 2 LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence and trailing NULL %00 in the login parameter. NOTE: this issue was reportedly...
CVE-2007-1540
Directory traversal vulnerability in am.pl in 1 SQL-Ledger 2.6.27 and earlier, and 2 LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence and trailing NULL %00 in the login parameter. NOTE: this issue was reportedly...
DEBIAN-CVE-2007-1541
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL %00 character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence in the login paramete...
CVE-2007-1540
Directory traversal vulnerability in am.pl in 1 SQL-Ledger 2.6.27 and earlier, and 2 LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence and trailing NULL %00 in the login parameter. NOTE: this issue was reportedly...
CVE-2007-1541
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL %00 character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. dot dot sequence in the login paramete...