228 matches found
CVE-2007-1437
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution...
CVE-2007-1437
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution...
CVE-2007-1436
CVE-2007-1436 affects LedgerSMB/SQL-Ledger and concerns an authentication bypass in the admin.pl entry point. The vulnerability allows remote attackers to bypass the password check and gain administrative access via unknown vectors. Affected software is LedgerSMB or SQL-Ledger prior to versions 1...
CVE-2007-1437
CVE-2007-1437 affects LedgerSMB prior to 1.1.5 and SQL-Ledger prior to 2.6.25. The vulnerability allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code by calling a custom error function that returns from executio...
CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring...
CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring...
LedgerSMB / SQL-Ledger Authentication Bypass
Binary data 3942.prm...
Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)
Hi all; George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to enforce a password...
LedgerSMB / SQL-Ledger file Parameter Multiple Vulnerabilities
The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host fails to properly sanitize the 'file' parameter of the 'am.pl' script before using it in various template routines in the 'AM.pm' module. An...
LedgerSMB / SQL-Ledger admin.pl Admin Authentication Bypass
The remote host is running LedgerSMB or SQL-Ledger, a web-based double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host contains a design flaw that can be leveraged by a remote attacker to bypass authentication and gain administrative access of the application...
sql-ledger -- security bypass vulnerability
Chris Travers reports: George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to...
Directory traversal
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
UBUNTU-CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
CVE-2007-1329 affects SQL-Ledger, and LedgerSMB before 1.1.5. A directory traversal flaw allows remote attackers to read/overwrite arbitrary files and execute arbitrary code by using "." characters adjacent to (1) users and (2) users/members; blacklist filtering collapses to ".." sequences. The v...
Design/Logic Flaw
The redirect function in Form.pm for 1 LedgerSMB before 1.1.5 and 2 SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872...