228 matches found
DEBIAN-CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the 1 id and possibly 2 db parameters in a Delete action to the output of a VendorsReportsSearch search operation...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
Directory traversal
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the countrycode field...
CVE-2009-3580
Cross-site request forgery CSRF vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...
CVE-2009-3580
Cross-site request forgery CSRF vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
DEBIAN-CVE-2009-4402
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface...
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the countrycode field...
DEBIAN-CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the countrycode field...
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
UBUNTU-CVE-2009-3580
Cross-site request forgery CSRF vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...
CVE-2009-3580
Cross-site request forgery CSRF vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2009-3580
Cross-site request forgery CSRF vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...
CVE-2009-3582
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the 1 id and possibly 2 db parameters in a Delete action to the output of a VendorsReportsSearch search operation...
CVE-2009-4402
CVE-2009-4402 affects SQL-Ledger 2.8.24, where default configuration allows remote attackers to perform unspecified administrative operations by supplying an arbitrary password to the admin interface. This is supported by multiple sources in the connected set (NVD/NASL/OpenVAS), all describing th...
CVE-2009-3580
CVE-2009-3580 is a CSRF vulnerability in SQL-Ledger 2.8.24 specifically in the am.pl script. An attacker can trigger requests that change a user’s password by exploiting the login, new_password, and confirm_password parameters in a preferences action, potentially hijacking an arbitrary user’s ses...
CVE-2009-3581
SQL-Ledger 2.8.24 is affected by multiple cross-site scripting (XSS) vulnerabilities described under CVE-2009-3581. The flaws enable remote authenticated users to inject arbitrary web script or HTML via specific fields: (1) DCN Description in Accounts Receivables Add Transaction, (2) Description ...
CVE-2009-3582
SQL-Ledger 2.8.24 contains multiple SQL injection vulnerabilities in the delete subroutine. Remote authenticated users can execute arbitrary SQL commands via the id and possibly db parameters in a Delete action to the Vendors>Reports>Search output. Affected component: SQL-Ledger code path h...