14 matches found
EUVD-2021-27114
Malware in sbrugna...
EUVD-2007-1534
Malware in sbrugna...
EUVD-2007-1430
Malware in sbrugna...
EUVD-2021-26978
Malware in sbrugna...
EUVD-2006-5856
Malware in sbrugna...
EUVD-2024-21274
Malicious code in bioql PyPI...
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user into using an unencrypted connection (HTTP), an attacker may be able to obtain the authentication data by capturing network...
PT-2024-20111 · Ledgersmb +3
Name of the Vulnerable Software and Affected Versions: LedgerSMB versions prior to 1.10.30; LedgerSMB versions prior to 1.11.9. Description: LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in "/setup.pl", an attacker can...
DEBIAN-CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure...
PT-2021-21605 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB affected versions not specified. Description: The issue allows an attacker to trick a targeted user into executing unintended actions through 'clickjacking', as LedgerSMB does not sufficiently guard against being wrapped by other...
PT-2021-21413 · Ledgersmb +2
Name of the Vulnerable Software and Affected Versions: LedgerSMB affected versions not specified. Description: The issue is related to LedgerSMB not checking the origin of HTML fragments merged into the browser's DOM. This can be exploited by sending a specially crafted URL to an authenticated use...
CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevent a password check from occurring...
Authentication flaw
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevent a password check from occurring...
CVE-2006-5872
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...