Lucene search
K

7 matches found

securityvulns
securityvulns
added 2007/01/28 12:0 a.m.67 views

Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872

CVE-2006-5872 filed against SQL-Ledger also affects LedgerSMB. This was first fixed in LedgerSMB 1.1.5 but due to a number of unrelated bugs, we recommend upgrading to 1.1.7. SQL-Ledger fixed the problem in 2.6.21. This occurs due to the improper handling of input handling in the redirect functio...

7.5CVSS0.9AI score0.01702EPSS
Exploits0
NVD
NVD
added 2006/12/18 12:28 a.m.31 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

7.5CVSS7.2AI score0.01702EPSS
Exploits0References8
OSV
OSV
added 2006/12/18 12:28 a.m.8 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

7.3AI score
Exploits0References9
Debian CVE
Debian CVE
added 2006/12/18 12:0 a.m.22 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

7.5CVSS6.8AI score0.01702EPSS
Exploits0
CVE
CVE
added 2006/12/18 12:0 a.m.63 views

CVE-2006-5872

SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 are affected by an input sanitising vulnerability that allows remote attackers to execute arbitrary Perl code via the -e flag in the script parameter. This mirrors the CVE-2006-5872 issue described in the Debian advisory (DSA-1239-1) and OpenVAS...

7.5CVSS7.2AI score0.01702EPSS
Exploits0References8Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/12/18 12:0 a.m.40 views

Debian DSA-1239-1 : sql-ledger - several vulnerabilities

Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2006-4244 Chris Travers discovered that the...

7.5CVSS6.3AI score0.05734EPSS
Exploits4References8
Debian
Debian
added 2006/12/17 3:21 p.m.24 views

[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...

7.5CVSS8.1AI score0.05734EPSS
Exploits4
Rows per page
Query Builder