228 matches found
CVE-2007-1540
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly...
CVE-2007-1541
CVE-2007-1541 concerns SQL-Ledger 2.6.27 and is a directory traversal vulnerability in the am.pl script. The issue arises because validation only filters for a NULL (%00) character, allowing remote attackers to bypass authentication and access via a .. sequence in the login parameter. Multiple so...
CVE-2007-1541
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login paramete...
CVE-2007-1540
CVE-2007-1540: Directory traversal in am.pl affects SQL-Ledger 2.6.27 and earlier and LedgerSMB before 1.2.0. The login parameter can be manipulated with a .. sequence and trailing NULL (%00) to run arbitrary executables and bypass authentication. The issue was reportedly addressed in SQL-Ledger ...
overtheledger.txt
Hi; Affected versions: LedgerSMB 1.1.10 (but see below, current is 1.1.11) SQL-Ledger 2.6.27 (but see below. Current is 2.6.27) Effects: Arbitrary code execution (both products) and authentication bypass (SQL-Ledger only). We have discovered yet another major security issue in both SQL-Ledger for affecte...
LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - 'Login' Local File Inclusion / Authentication Bypass
source: https://www.securityfocus.com/bid/23034/info LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is...
LedgerSMB1.0/1.1 / SQL-Ledger 2.6.x - 'Login' Local File Inclusion / Authentication Bypass
source: https://www.securityfocus.com/bid/23034/info LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerability. A successful exploit would allo...
Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB
Hi; Affected versions: LedgerSMB 1.1.10 (but see below, current is 1.1.11) SQL-Ledger 2.6.27 (but see below. Current is 2.6.27) Effects: Arbitrary code execution (both products) and authentication bypass (SQL-Ledger only). We have discovered yet another major security issue in both SQL-Ledger for affecte...
FreeBSD : sql-ledger -- security bypass vulnerability (8e02441d-d39c-11db-a6da-0003476f14d3)
Chris Travers reports: George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...
CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring...
DEBIAN-CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring...
Authentication flaw
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution...
DEBIAN-CVE-2007-1437
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution...
CVE-2007-1437
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution...
Authentication flaw
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring...