6 matches found
FreeBSD Ports: sql-ledger
The remote host is missing an update to the system as announced in the referenced advisory. VID 0679deeb-8eaf-11db-abc9-0003476f14d3 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
FreeBSD Ports: sql-ledger
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4244 Chris Travers discovered that the...
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...
SQL-Ledger验证绕过漏洞
SQL-Ledger是一款开源的ERP系统。 SQL-Ledger验证机制实现存在错误,远程攻击者可以利用漏洞未授权访问应用程序。 SQL-Ledger使用的会话验证存在问题,当用户登录时,会检查密码信息,如果匹配users/members文件中的内容,那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-username"名和timestamp值,并且这个值匹配通过GET或POST操作传递的"sessionid"值。username是登录的用户名,timestamp是UNIX时间戳。 SQL-Ledger = 2.6.17...
CVE-2006-4244
CVE-2006-4244 affects SQL-Ledger versions 2.4.4 through 2.6.17, where authentication relies on a cookie value (sql-ledger-[username]) matching the sessionid parameter. An attacker can gain access as any logged-in user by setting the cookie and sessionid to the same value. Connected advisories con...