Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects

Separate from CVE-2006-5872, there is a possibility of causing arbitrary code execution during redirects. This requires a valid login to exploit and was discovered and brought to the attention of both the SQL-Ledger and LedgerSMB team in November. LedgerSMB 1.1.5 corred the problem, but it is sti...

LedgerSMB / SQL-Ledger login.pl script Parameter Arbitrary Perl Code Execution

The remote host is running LedgerSMB or SQL-Ledger, a web-based, double-entry accounting system. The version of LedgerSMB or SQL-Ledger on the remote host fails to sanitize user-supplied input to the 'script' parameter of the 'login.pl' script before using it to execute Perl code. An...

Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872

CVE-2006-5872 filed against SQL-Ledger also affects LedgerSMB. This was first fixed in LedgerSMB 1.1.5 but due to a number of unrelated bugs, we recommend upgrading to 1.1.7. SQL-Ledger fixed the problem in 2.6.21. This occurs due to the improper handling of input handling in the redirect functio...

FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)

The Debian security Team reports : Several remote vulnerabilities have been discovered in SQL Ledger, a web-based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : Chris Travers...

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

CVE-2006-5872

SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 are affected by an input sanitising vulnerability that allows remote attackers to execute arbitrary Perl code via the -e flag in the script parameter. This mirrors the CVE-2006-5872 issue described in the Debian advisory (DSA-1239-1) and OpenVAS...

CVE-2006-5872

login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program...

sql-ledger -- multiple vulnerabilities

The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers...

SQL-Ledger验证绕过漏洞

SQL-Ledger是一款开源的ERP系统。 SQL-Ledger验证机制实现存在错误，远程攻击者可以利用漏洞未授权访问应用程序。 SQL-Ledger使用的会话验证存在问题，当用户登录时，会检查密码信息，如果匹配users/members文件中的内容，那么就生成会话ID并在WEB浏览器上处理。验证所需只要简单在COOKIE中指定"sql-ledger-username"名和timestamp值，并且这个值匹配通过GET或POST操作传递的"sessionid"值。username是登录的用户名，timestamp是UNIX时间戳。 SQL-Ledger = 2.6.17...

OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions

OpenEMR 2.8.1 - srcdir Multiple Remote File Inclusions \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV60$2006 ----------------------------------------------------------------------------------------------- ECHOADV60$2006 OpenEMR =2.8.1 Multiple Remote File...

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. Affected product/version: SQL-Ledger prior to 2.4.4. Underlying issue: password disclosed in URL/query string. The connected do...

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution

Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...

LedgerSMB.txt

Hi all; Summary: A directory transversal issue was found in LedgerSMB 1.0.0 involving the terminal variable. This vulnerability was inherited from the SQL-Ledger codebase. Due to the fact that SQL-Ledger has a built-in text editor, this issue could result in arbitrary code execution on the server...

CVE-2006-4731

Multiple directory traversal vulnerabilities in 1 login.pl and 2 admin.pl in a SQL-Ledger before 2.6.19 and b LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ dot dot slash...

CVE-2006-4731

CVE-2006-4731 is a directory traversal vulnerability in SQL-Ledger (before 2.6.19) and LedgerSMB (before 1.0.0p1). Remote attackers could cause arbitrary Perl code execution by supplying a terminal parameter value containing ../, as reported across multiple advisories. Related OpenVAS entries con...