228 matches found
sql-ledger -- multiple vulnerabilities
The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...
SQL-Ledger验证绕过漏洞
SQL-Ledger是一款开源的ERP系统。 SQL-Ledger验证机制实现存在错误,远程攻击者可以利用漏洞未授权访问应用程序。 SQL-Ledger使用的会话验证存在问题,当用户登录时,会检查密码信息,如果匹配users/members文件中的内容,那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-username"名和timestamp值,并且这个值匹配通过GET或POST操作传递的"sessionid"值。username是登录的用户名,timestamp是UNIX时间戳。 SQL-Ledger = 2.6.17...
OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions
OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV60$2006 ----------------------------------------------------------------------------------------------- ECHOADV60$2006 OpenEMR =2.8.1 Multiple Remote File...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. Affected product/version: SQL-Ledger prior to 2.4.4. Underlying issue: password disclosed in URL/query string. The connected do...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
DEBIAN-CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
LedgerSMB.txt
Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...
LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...
CVE-2006-4731
CVE-2006-4731 is a directory traversal vulnerability in SQL-Ledger (before 2.6.19) and LedgerSMB (before 1.0.0p1). Remote attackers could cause arbitrary Perl code execution by supplying a terminal parameter value containing ../, as reported across multiple advisories. Related OpenVAS entries con...
SQL-Ledger 2.6.xLedgerSMB 1.0 - Terminal Directory Traversal
SQL-Ledger 2.6.xLedgerSMB 1.0 - Terminal Directory Traversal source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in t...
SQL-Ledger 2.6.x/LedgerSMB 1.0 - 'Terminal' Directory Traversal
source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able...
sqlledger.txt
Hi all; I have received many requests from security professions responsible for the security of Linux distros to move the full disclosure ahead. Now that I am reasonably sure that the full scope of the problem is known and fixed in the fix that Chris Murtagh and myself put together, it has been...