3 matches found
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...
CVE-2007-1329
CVE-2007-1329 affects SQL-Ledger, and LedgerSMB before 1.1.5. A directory traversal flaw allows remote attackers to read/overwrite arbitrary files and execute arbitrary code by using "." characters adjacent to (1) users and (2) users/members; blacklist filtering collapses to ".." sequences. The v...
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . dot characters adjacent to 1 users and 2 users/members strings, which are removed by blacklisting functions that filter the...