Lucene search
K

6 matches found

OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.28 views

FreeBSD Ports: sql-ledger

The remote host is missing an update to the system as announced in the referenced advisory. VID 0679deeb-8eaf-11db-abc9-0003476f14d3 OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

7.5CVSS6.3AI score0.05734EPSS
Exploits4
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.17 views

FreeBSD Ports: sql-ledger

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

7.5CVSS6.6AI score0.05734EPSS
Exploits4References2
Tenable Nessus
Tenable Nessus
added 2006/12/18 12:0 a.m.40 views

Debian DSA-1239-1 : sql-ledger - several vulnerabilities

Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4244 Chris Travers discovered that the...

7.5CVSS6.3AI score0.05734EPSS
Exploits4References8
Debian
Debian
added 2006/12/17 3:21 p.m.24 views

[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...

7.5CVSS8.1AI score0.05734EPSS
Exploits4
seebug.org
seebug.org
added 2006/12/14 12:0 a.m.36 views

SQL-Ledger验证绕过漏洞

SQL-Ledger是一款开源的ERP系统。 SQL-Ledger验证机制实现存在错误,远程攻击者可以利用漏洞未授权访问应用程序。 SQL-Ledger使用的会话验证存在问题,当用户登录时,会检查密码信息,如果匹配users/members文件中的内容,那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-username"名和timestamp值,并且这个值匹配通过GET或POST操作传递的"sessionid"值。username是登录的用户名,timestamp是UNIX时间戳。 SQL-Ledger = 2.6.17...

7.5CVSS6.4AI score0.01811EPSS
Exploits4
CVE
CVE
added 2006/08/31 1:0 a.m.67 views

CVE-2006-4244

CVE-2006-4244 affects SQL-Ledger versions 2.4.4 through 2.6.17, where authentication relies on a cookie value (sql-ledger-[username]) matching the sessionid parameter. An attacker can gain access as any logged-in user by setting the cookie and sessionid to the same value. Connected advisories con...

7.5CVSS6.5AI score0.01811EPSS
Exploits4References7Affected Software1
Rows per page
Query Builder