7 matches found
Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872
CVE-2006-5872 filed against SQL-Ledger also affects LedgerSMB. This was first fixed in LedgerSMB 1.1.5 but due to a number of unrelated bugs, we recommend upgrading to 1.1.7. SQL-Ledger fixed the problem in 2.6.21. This occurs due to the improper handling of input handling in the redirect functio...
CVE-2006-5872
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...
CVE-2006-5872
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...
CVE-2006-5872
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...
CVE-2006-5872
SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 are affected by an input sanitising vulnerability that allows remote attackers to execute arbitrary Perl code via the -e flag in the script parameter. This mirrors the CVE-2006-5872 issue described in the Debian advisory (DSA-1239-1) and OpenVAS...
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4244 Chris Travers discovered that the...
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...