Lucene search
K

653 matches found

Debian
Debian
added 2006/12/17 3:21 p.m.45 views

[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...

7.5CVSS8.1AI score0.05734EPSS
Exploits4
OSV
OSV
added 2006/12/17 12:0 a.m.26 views

DSA-1239-1 sql-ledger

Bulletin has no description...

7.5CVSS6AI score0.05734EPSS
Exploits4
FreeBSD
FreeBSD
added 2006/12/17 12:0 a.m.35 views

sql-ledger -- multiple vulnerabilities

The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...

7.5AI score
Exploits0References1
seebug.org
seebug.org
added 2006/12/14 12:0 a.m.37 views

SQL-Ledger验证绕过漏洞

SQL-Ledger是一款开源的ERP系统。 SQL-Ledger验证机制实现存在错误,远程攻击者可以利用漏洞未授权访问应用程序。 SQL-Ledger使用的会话验证存在问题,当用户登录时,会检查密码信息,如果匹配users/members文件中的内容,那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-username"名和timestamp值,并且这个值匹配通过GET或POST操作传递的"sessionid"值。username是登录的用户名,timestamp是UNIX时间戳。 SQL-Ledger = 2.6.17...

7.5CVSS6.4AI score0.01811EPSS
Exploits4
exploitpack
exploitpack
added 2006/11/06 12:0 a.m.31 views

OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions

OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV60$2006 ----------------------------------------------------------------------------------------------- ECHOADV60$2006 OpenEMR =2.8.1 Multiple Remote File...

0.1AI score
Exploits0
OSV
OSV
added 2006/09/14 9:7 p.m.8 views

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

6.8AI score
Exploits0References4
NVD
NVD
added 2006/09/14 9:7 p.m.15 views

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

5CVSS6.5AI score0.01263EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2006/09/14 9:7 p.m.18 views

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

5CVSS5.9AI score0.01263EPSS
Exploits1References1
OSV
OSV
added 2006/09/14 9:7 p.m.1 views

DEBIAN-CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

5CVSS7AI score0.01263EPSS
Exploits1References1
CVE
CVE
added 2006/09/14 9:0 p.m.46 views

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. Affected product/version: SQL-Ledger prior to 2.4.4. Underlying issue: password disclosed in URL/query string. The connected do...

5CVSS6.5AI score0.01263EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2006/09/14 9:0 p.m.21 views

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

6.5AI score0.01263EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2006/09/14 9:0 p.m.19 views

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

5CVSS4.6AI score0.01263EPSS
Exploits1
OSV
OSV
added 2006/09/13 12:7 a.m.7 views

CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

7.5AI score
Exploits0References13
NVD
NVD
added 2006/09/13 12:7 a.m.21 views

CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

5CVSS7.5AI score0.05734EPSS
Exploits0References11
OSV
OSV
added 2006/09/13 12:7 a.m.2 views

DEBIAN-CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

5CVSS8AI score0.05734EPSS
Exploits0References1
CVE
CVE
added 2006/09/13 12:0 a.m.66 views

CVE-2006-4731

CVE-2006-4731 is a directory traversal vulnerability in SQL-Ledger (before 2.6.19) and LedgerSMB (before 1.0.0p1). Remote attackers could cause arbitrary Perl code execution by supplying a terminal parameter value containing ../, as reported across multiple advisories. Related OpenVAS entries con...

5CVSS7.5AI score0.05734EPSS
Exploits0References11Affected Software2
Cvelist
Cvelist
added 2006/09/13 12:0 a.m.29 views

CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

7.5AI score0.05734EPSS
Exploits0References11
Packet Storm
Packet Storm
added 2006/09/13 12:0 a.m.51 views

LedgerSMB.txt

Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...

7.5CVSS6.4AI score0.01811EPSS
Exploits4
securityvulns
securityvulns
added 2006/09/13 12:0 a.m.57 views

LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution

Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...

7.5CVSS1.6AI score0.01811EPSS
Exploits4
Debian CVE
Debian CVE
added 2006/09/13 12:0 a.m.37 views

CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

5CVSS7.3AI score0.05734EPSS
Exploits0
Rows per page
Query Builder