Lucene search
K

653 matches found

Exploit DB
Exploit DB
added 2006/09/12 12:0 a.m.39 views

SQL-Ledger 2.6.x/LedgerSMB 1.0 - 'Terminal' Directory Traversal

source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/09/12 12:0 a.m.12 views

SQL-Ledger 2.6.xLedgerSMB 1.0 - Terminal Directory Traversal

SQL-Ledger 2.6.xLedgerSMB 1.0 - Terminal Directory Traversal source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in t...

0.3AI score
Exploits0
Packet Storm
Packet Storm
added 2006/09/08 12:0 a.m.50 views

sqlledger.txt

Hi all; I have received many requests from security professions responsible for the security of Linux distros to move the full disclosure ahead. Now that I am reasonably sure that the full scope of the problem is known and fixed in the fix that Chris Murtagh and myself put together, it has been...

7.5CVSS6.4AI score0.01811EPSS
Exploits4
NVD
NVD
added 2006/08/31 1:4 a.m.28 views

CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

7.5CVSS6.7AI score0.01811EPSS
Exploits4References7
OSV
OSV
added 2006/08/31 1:4 a.m.6 views

CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

6.7AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2006/08/31 1:4 a.m.32 views

CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

7.5CVSS6AI score0.01811EPSS
Exploits4References1
OSV
OSV
added 2006/08/31 1:4 a.m.1 views

DEBIAN-CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

7.5CVSS7.2AI score0.01811EPSS
Exploits4References1
Debian CVE
Debian CVE
added 2006/08/31 1:0 a.m.52 views

CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

7.5CVSS6.1AI score0.01811EPSS
Exploits4
CVE
CVE
added 2006/08/31 1:0 a.m.67 views

CVE-2006-4244

CVE-2006-4244 affects SQL-Ledger versions 2.4.4 through 2.6.17, where authentication relies on a cookie value (sql-ledger-[username]) matching the sessionid parameter. An attacker can gain access as any logged-in user by setting the cookie and sessionid to the same value. Connected advisories con...

7.5CVSS6.5AI score0.01811EPSS
Exploits4References7Affected Software1
Cvelist
Cvelist
added 2006/08/31 1:0 a.m.41 views

CVE-2006-4244

SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...

6.6AI score0.01811EPSS
Exploits4References7
securityvulns
securityvulns
added 2006/08/31 12:0 a.m.52 views

SQL-Ledger serious security vulnerability and workaround

Hi; This post is to inform everyone that there is a serious security hole that has been discovered in SQL-Ledger involving session handling. The flaw allows anyone with network access to the server to access the application as any logged in user using trivial mechanisms. I have previously brought...

0.7AI score
Exploits0
Prion
Prion
added 2006/04/20 10:2 a.m.19 views

Design/Logic Flaw

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln 1 APPS01 in the a Application Install component; 2 APPS09 in the b Oracle Diagnostics Interfaces component; 3 APPS10 in the c Oracle General...

10CVSS7AI score0.03893EPSS
Exploits0References10Affected Software1
NVD
NVD
added 2006/04/20 10:2 a.m.20 views

CVE-2006-1880

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln 1 APPS01 in the a Application Install component; 2 APPS09 in the b Oracle Diagnostics Interfaces component; 3 APPS10 in the c Oracle General...

10CVSS6.5AI score0.03893EPSS
Exploits0References10
Rows per page
Query Builder