13 matches found
EUVD-2007-5350
Malware in sbrugna...
SQL-Ledger XSS / XSRF / SQL Injection / LFI
============================================ ||| Security Advisory AKLINK-SA-2009-001 ||| ||| CVE-2009-3580 CVE candidate ||| ||| CVE-2009-3581 CVE candidate ||| ||| CVE-2009-3582 CVE candidate ||| ||| CVE-2009-3583 CVE candidate ||| ||| CVE-2009-3584 CVE candidate |||...
CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
Sql injection
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
CVE-2007-5372
The CVE-2007-5372 entry documents multiple SQL injection vulnerabilities in LedgerSMB (1.0.0–1.2.7) and DWS Systems SQL-Ledger (2.x), allowing remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. Affected components and exact root cause are ...
CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
CVE-2007-5372
Multiple SQL injection vulnerabilities in a LedgerSMB 1.0.0 through 1.2.7 and b DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via 1 the invoice quantity field or 2 the sort field...
Improper access control
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
CVE-2007-1923
LedgerSMB and DWS Systems SQL-Ledger are affected by CVE-2007-1923 due to access-control weaknesses that let remote attackers access restricted functionality by directly requesting URLs. Affected LedgerSMB versions are prior to 1.3.0; PT-2007-3268 recommends upgrading LedgerSMB to 1.3.0 or later....
CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...
CVE-2007-1923
1 LedgerSMB and 2 DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...