653 matches found
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1239-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 17th, 2006 http://www.debian.org/security/faq -...
DSA-1239-1 sql-ledger
Bulletin has no description...
sql-ledger -- multiple vulnerabilities
The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...
SQL-Ledger验证绕过漏洞
SQL-Ledger是一款开源的ERP系统。 SQL-Ledger验证机制实现存在错误,远程攻击者可以利用漏洞未授权访问应用程序。 SQL-Ledger使用的会话验证存在问题,当用户登录时,会检查密码信息,如果匹配users/members文件中的内容,那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-username"名和timestamp值,并且这个值匹配通过GET或POST操作传递的"sessionid"值。username是登录的用户名,timestamp是UNIX时间戳。 SQL-Ledger = 2.6.17...
OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions
OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV60$2006 ----------------------------------------------------------------------------------------------- ECHOADV60$2006 OpenEMR =2.8.1 Multiple Remote File...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
DEBIAN-CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. Affected product/version: SQL-Ledger prior to 2.4.4. Underlying issue: password disclosed in URL/query string. The connected do...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
DEBIAN-CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
CVE-2006-4731
CVE-2006-4731 is a directory traversal vulnerability in SQL-Ledger (before 2.6.19) and LedgerSMB (before 1.0.0p1). Remote attackers could cause arbitrary Perl code execution by supplying a terminal parameter value containing ../, as reported across multiple advisories. Related OpenVAS entries con...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...
LedgerSMB.txt
Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...
LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution
Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...
CVE-2006-4731
Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...