
17 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-23831

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick...

7.5 CVSS · 6.3 AI score · 0.00274 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/27 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2018-9246

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part...

9.8 CVSS · 8.6 AI score · 0.02581 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2007-0667

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, relate...

7.5 CVSS · 6.2 AI score · 0.01903 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/24 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2007-1329

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrar...

10 CVSS · 6.2 AI score · 0.05165 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2025/08/24 12:0 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2007-1923

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access...

7.5 CVSS · 5.6 AI score · 0.02592 EPSS
Exploits 0 · References 3

OSV
added 2024/02/02 4:15 p.m. · 4 views

DEBIAN-CVE-2024-23831

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...

7.5 CVSS · 6.3 AI score · 0.00274 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2021/10/22 12:0 a.m. · 3 views

The vulnerability of the Enterprise Resource Planning tool LedgerSMB lies in the absence of the “Secure” attribute being set in the authentication cookie files. This allows attackers to obtain authentication data.

The vulnerability of the enterprise resource planning tool LedgerSMB lies in the absence of the “Secure” attribute being set in the session cookie files during authentication. Exploiting this vulnerability could allow an attacker, operating remotely, to obtain authentication data by intercepting...

7.1 CVSS · 6.4 AI score · 0.00941 EPSS
Exploits 1 · References 3 · Affected Software 1

OSV
added 2021/08/23 1:15 p.m. · 1 views

UBUNTU-CVE-2021-3694

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

9.6 CVSS · 7.2 AI score · 0.02386 EPSS
Exploits 0 · References 7

OSV
added 2021/08/23 1:15 p.m. · 0 views

UBUNTU-CVE-2021-3693

LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...

9.6 CVSS · 7.2 AI score · 0.03014 EPSS
Exploits 0 · References 6

CNNVD
added 2021/08/23 12:0 a.m. · 2 views

LedgerSMB cross-site scripting vulnerability

LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to check the origin of HTML fragments...

9.6 CVSS · 6.1 AI score · 0.03014 EPSS
Exploits 0 · References 8

OSV
added 2018/06/08 1:29 a.m. · 3 views

UBUNTU-CVE-2018-9246

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create, runfile, backup, or restore function. The vulnerability...

9.8 CVSS · 7.4 AI score · 0.02581 EPSS
Exploits 0 · References 2

CNVD
added 2018/06/08 12:0 a.m. · 4 views

PGObject::Util::DBAdmin shell code injection vulnerability

LedgerSMB is an open source ERP, financial management system written and maintained by software developer Dieter Simader. The system is a branch of SQL-Ledger financial management software. PGObject::Util::DBAdmin is one of the modules used to manage PGObject. A security vulnerability exists in...

9.8 CVSS · 9.3 AI score · 0.02581 EPSS
Exploits 0 · References 1

OSV
added 2008/09/15 3:14 p.m. · 2 views

DEBIAN-CVE-2008-4077

The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length...

7.8 CVSS · 6.8 AI score · 0.02831 EPSS
Exploits 0 · References 1

OSV
added 2007/04/10 11:19 p.m. · 0 views

UBUNTU-CVE-2007-1923

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0...

7.5 CVSS · 5.8 AI score · 0.02592 EPSS
Exploits 0 · References 2

Positive Technologies
added 2007/04/10 12:0 a.m. · 2 views

PT-2007-3268 · Dws Systems +2 · Sql-Ledger +2

Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.3.0; DWS Systems SQL-Ledger (affected versions not specified). Description: The issue allows remote attackers to access restricted functionality via direct requests, as access control lists are implemented by changin...

7.5 CVSS · 6.2 AI score · 0.02592 EPSS
Exploits 0 · References 18

OSV
added 2007/02/02 9:28 p.m. · 2 views

DEBIAN-CVE-2007-0667

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872...

6.5 CVSS · 7.8 AI score · 0.01903 EPSS
Exploits 0 · References 1

OSV
added 2006/09/13 12:7 a.m. · 2 views

DEBIAN-CVE-2006-4731

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)...

5 CVSS · 8 AI score · 0.05734 EPSS
Exploits 0 · References 1