7 matches found

Tenable Nessus
added 2025/08/24 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2009-3580

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests...

CVSS 6.8 | AI score 5.8 | EPSS 0.00126
Exploits: 1 | References: 3

OSV
added 2009/12/23 6:30 p.m., 2 views

DEBIAN-CVE-2009-3580

Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...

CVSS 6.8 | AI score 7.5 | EPSS 0.00126
Exploits: 1 | References: 1

OSV
added 2009/12/23 6:30 p.m., 1 views

UBUNTU-CVE-2009-3580

Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, newpassword, and confirmpassword parameters in a preferences action...

CVSS 6.8 | AI score 5.9 | EPSS 0.00126
Exploits: 1 | References: 2

seebug.org
added 2007/03/21 12:0 a.m., 20 views

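LedgerSMB/SQL-Ledger login local file inclusion and authentication bypass vulnerability

SQL-Ledger/LedgerSMB is an open-source ERP system. SQL-Ledger/LedgerSMB does not properly filter user-submitted input, so a remote attacker can exploit the vulnerability to view the contents of system files with the privileges of the web server. The problem is that the 'am.pl' script does not filter the user-submitted 'login' parameter; submitting malicious script code as the parameter data and luring a user into visiting can lead to disclosure of the target user's sensitive information. SQL-Ledger SQL-Ledger 2.6.26 SQL-Ledger SQL-Ledger 2.6.25 SQL-Ledger SQL-Ledger 2.6.21 SQL-Ledger SQL-Ledger 2.6.19 SQL-Ledger SQL-Ledge...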

AI score 7.1
Exploits: 0

OSV
added 2007/03/20 10:19 p.m., 3 views

DEBIAN-CVE-2007-1540

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly...

CVSS 4.3 | AI score 7.1 | EPSS 0.08245
Exploits: 0 | References: 1

UbuntuCve
added 2007/03/20 10:19 p.m., 18 views

CVE-2007-1540

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly...

CVSS 4.3 | AI score 6 | EPSS 0.08245
Exploits: 0 | References: 1

CVE
added 2007/03/20 10:0 p.m., 46 views

CVE-2007-1540

CVE-2007-1540: Directory traversal in am.pl affects SQL-Ledger 2.6.27 and earlier and LedgerSMB before 1.2.0. The login parameter can be manipulated with a .. sequence and trailing NULL (%00) to run arbitrary executables and bypass authentication. The issue was reportedly addressed in SQL-Ledger ...

CVSS 4.3 | AI score 7 | EPSS 0.08245
Exploits: 0 | References: 9 | Affected Software: 2