228 matches found
CVE-2009-3584
CVE-2009-3584 involves SQL-Ledger 2.8.24 where the session cookie’s secure flag is not set in HTTPS, enabling potential cookie interception in HTTP sessions. The available connected sources confirm the affected product (SQL-Ledger 2.8.24) and the vulnerability class (cookie security flag misconfi...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the countrycode field...
CVE-2009-3583
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. dot dot in the countrycode field...
CVE-2009-3581
Multiple cross-site scripting XSS vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via 1 the DCN Description field in the Accounts Receivables menu item for Add Transaction, 2 the Description field in the Accounts Payable menu item for A...
CVE-2009-3584
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...
CVE-2009-4402
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface...
CVE-2009-4402
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface...
CVE-2009-3583
CVE-2009-3583 describes a directory traversal vulnerability in SQL-Ledger 2.8.24. The flaw resides in the Preferences menu item where an attacker can cause local files to be included and executed by supplying a .. (dot dot) sequence in the countrycode field. Public references consistently state t...
SQL-Ledger 'admin.pl' Empty Credentials
The remote web server is hosting SQL-Ledger, a web-based double-entry accounting system. The installed version does not require credentials to access the administrator interface. Note that the installed version is potentially affected by several other vulnerabilities, though Nessus has not tested...
SQL-Ledger – several vulnerabilities
============================================ ||| Security Advisory AKLINK-SA-2009-001 ||| ||| CVE-2009-3580 CVE candidate ||| ||| CVE-2009-3581 CVE candidate ||| ||| CVE-2009-3582 CVE candidate ||| ||| CVE-2009-3583 CVE candidate ||| ||| CVE-2009-3584 CVE candidate |||...
SQL-Ledger XSS / XSRF / SQL Injection / LFI
============================================ ||| Security Advisory AKLINK-SA-2009-001 ||| ||| CVE-2009-3580 CVE candidate ||| ||| CVE-2009-3581 CVE candidate ||| ||| CVE-2009-3582 CVE candidate ||| ||| CVE-2009-3583 CVE candidate ||| ||| CVE-2009-3584 CVE candidate |||...
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
DEBIAN-CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
DEBIAN-CVE-2008-4077
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
Code injection
The CGI scripts in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service resource exhaustion via an HTTP POST request with a large Content-Length...
Sql injection
SQL injection vulnerability in the AR/AP transaction report in 1 LedgerSMB LSMB before 1.2.15 and 2 SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...