Lucene search

12 matches found

NVD
added 2024/02/02 4:15 p.m. | 9 views

CVE-2024-23831

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00286
Exploits: 0 | References: 2

Openbugbounty
added 2018/07/04 3:36 p.m. | 14 views

sso.comune.roma.it XSS vulnerability

Open Bug Bounty ID: OBB-640326

Description | Value
---|---
Affected Website: | sso.comune.roma.it
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits: 0

Openbugbounty
added 2017/05/13 10:16 a.m. | 8 views

atn.aero XSS vulnerability

Vulnerable URL: https://www.atn.aero/login.pl

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 31.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | 1065479
VIP website status: | No
Check atn.aero SSL connection: | Grade: C+

Coordinated...

AI score: 6.3
Exploits: 0

Openbugbounty
added 2016/01/22 3:39 p.m. | 11 views

diversityarrays.com XSS vulnerability

Vulnerable URL: https://www.diversityarrays.com/cgi-bin/order/login.pl?logonName=%22%3E%3Csvg/onload=prompt%28/xssposed/%29%3E

Details:

Description | Value
---|---
Patched: | No
Latest check for patch: | 26.07.2017
Vulnerability type: | XSS
Vulnerability status: | Publicly disclosed
Alexa Rank | Unknow...

AI score: 6.3
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 8 views

Blackboard 5.0 Cross-Site Scripting Vulnerability

No description provided by source.

Source: http://www.securityfocus.com/bid/5137/info

Blackboard is reportedly prone to cross-site scripting attacks. This issue was reported to be in the login.pl script. The vulnerable script fails to sanitize HTML tags from CGI parameters. Attackers may exploit...

AI score: 7.1
Exploits: 0

CVE
added 2007/07/19 5:00 p.m. | 36 views

CVE-2007-3907

CVE-2007-3907 affects LedgerSMB 1.2.0–1.2.6. An authentication bypass allows remote attackers to perform actions as an arbitrary user via a crafted URL using a redirect parameter and a callback parameter containing an escaped URL. The exact vectors are not detailed in the provided documents. No p...

CVSS: 10 | AI score: 7 | EPSS: 0.04916
Exploits: 0 | References: 8 | Affected Software: 1

OSV
added 2006/12/18 12:28 a.m. | 2 views

DEBIAN-CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

CVSS: 7.5 | AI score: 7.9 | EPSS: 0.01495
Exploits: 0 | References: 1

Debian CVE
added 2006/12/18 12:00 a.m. | 19 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.01495
Exploits: 0

Cvelist
added 2006/12/18 12:00 a.m. | 20 views

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

AI score: 7.2 | EPSS: 0.01495
Exploits: 0 | References: 8

CVE
added 2006/12/18 12:00 a.m. | 53 views

CVE-2006-5872

SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 are affected by an input sanitising vulnerability that allows remote attackers to execute arbitrary Perl code via the -e flag in the script parameter. This mirrors the CVE-2006-5872 issue described in the Debian advisory (DSA-1239-1) and OpenVAS...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01495
Exploits: 0 | References: 8 | Affected Software: 1

CVE
added 2006/09/13 12:00 a.m. | 56 views

CVE-2006-4731

CVE-2006-4731 is a directory traversal vulnerability in SQL-Ledger (before 2.6.19) and LedgerSMB (before 1.0.0p1). Remote attackers could cause arbitrary Perl code execution by supplying a terminal parameter value containing ../, as reported across multiple advisories. Related OpenVAS entries con...

CVSS: 5 | AI score: 7.5 | EPSS: 0.16369
Exploits: 0 | References: 11 | Affected Software: 2

NVD
added 2002/10/04 4:00 a.m. | 11 views

CVE-2002-1007

Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the courseid parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message parameter in index.cgi...

CVSS: 7.5 | AI score: 7 | EPSS: 0.05383
Exploits: 1 | References: 3