653 matches found
SQL-Ledger 2.6.x/LedgerSMB 1.0 - 'Terminal' Directory Traversal
source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver process. The attacker may be able...
SQL-Ledger 2.6.xLedgerSMB 1.0 - Terminal Directory Traversal
SQL-Ledger 2.6.xLedgerSMB 1.0 - Terminal Directory Traversal source: https://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in t...
sqlledger.txt
Hi all; I have received many requests from security professions responsible for the security of Linux distros to move the full disclosure ahead. Now that I am reasonably sure that the full scope of the problem is known and fixed in the fix that Chris Murtagh and myself put together, it has been...
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
DEBIAN-CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
CVE-2006-4244
CVE-2006-4244 affects SQL-Ledger versions 2.4.4 through 2.6.17, where authentication relies on a cookie value (sql-ledger-[username]) matching the sessionid parameter. An attacker can gain access as any logged-in user by setting the cookie and sessionid to the same value. Connected advisories con...
CVE-2006-4244
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-username cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value...
SQL-Ledger serious security vulnerability and workaround
Hi; This post is to inform everyone that there is a serious security hole that has been discovered in SQL-Ledger involving session handling. The flaw allows anyone with network access to the server to access the application as any logged in user using trivial mechanisms. I have previously brought...
Design/Logic Flaw
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln 1 APPS01 in the a Application Install component; 2 APPS09 in the b Oracle Diagnostics Interfaces component; 3 APPS10 in the c Oracle General...
CVE-2006-1880
Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, as identified by Vuln 1 APPS01 in the a Application Install component; 2 APPS09 in the b Oracle Diagnostics Interfaces component; 3 APPS10 in the c Oracle General...