228 matches found
Linux Distros Unpatched Vulnerability : CVE-2008-4078
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated...
Linux Distros Unpatched Vulnerability : CVE-2009-3581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN...
Linux Distros Unpatched Vulnerability : CVE-2009-3580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery CSRF vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests...
Linux Distros Unpatched Vulnerability : CVE-2007-1923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access...
Linux Distros Unpatched Vulnerability : CVE-2007-5372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL...
SQL-Ledger 2.6.x/LedgerSMB 1.0 Terminal Parameter Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver...
SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability
No description provided by source. Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33...
LedgerSMB1.0/1.1,SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23034/info LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerabilit...
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger
Affects versions: SQL-Ledger 2.8.33 and lower LedgerSMB 1.2.24 and lower. Both programs have vendor fixes available in the form of new, patched versions. These have been out for over a week with appropriate advisories, with users having time to upgrade. Files affected: LedgerSMB/RP.pm for LedgerS...
SQL-Ledger patch update for SQL injection
Hi all; We have been informed that SQL-Ledger 2.8.34 has in fact been released patching the security hole previously reported in LedgerSMB 1.2.24 and Lower. This is an SQL injection issue. I haven't been been able to find a CVE listing for this yet. Secunia has assigned this the id of SA45649 for...
Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
Hi all; The LedgerSMB development team has found an SQL injection issue in LedgerSMB 1.2.24. Because this issue stems from our common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger 2.8.33. We contacted Dieter when we initially discovered this and no...
SQL-Ledger SQL Injection Vulnerability
LedgerSMB and SQL-Ledger are prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are...
SQL-Ledger SQL Injection Vulnerability
LedgerSMB and SQL-Ledger are prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent...
SQL-Ledger <= 2.8.33 Post-authentication LFI/Edit Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz...
SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit
Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...
SQL-Ledger 2.8.33 Local File Inclusion
Exploit Title: SQL-Ledger = 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...
SQL-Ledger Multiple Vulnerabilities
This host is running SQL-Ledger and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodsqlledgermultvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SQL-Ledger Multiple Vulnerabilities Authors: Sharath S Copyright: Copyright c 2009 SecPod, http://www.secpod.com This program i...
SQL-Ledger Version Detection
This script detects the installed SQL-Ledger version. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SQL-Ledger Multiple Vulnerabilities
SQL-Ledger is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SQL-Ledger ERP多个输入验证和绕过安全限制漏洞
BUGTRAQ ID: 37431 CVECAN ID: CVE-2009-3581,CVE-2009-3582,CVE-2009-3583,CVE-2009-3584 SQL-Ledger ERP是一个企业财务和ERP系统。 SQL-Ledger中的多个安全漏洞允许攻击者执行跨站请求伪造、跨站脚本或SQL注入攻击,或绕过某些安全限制。 1 SQL-Ledger没有执行任何有效性检查便允许用户通过HTTP请求执行某些操作。 2 由于没有正确地过滤提交给Accounts Receivables的客户名称、厂商名称和DCN描述字段,以及提交给Accounts...