228 matches found
Linux Distros Unpatched Vulnerability : CVE-2009-3584
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by...
Linux Distros Unpatched Vulnerability : CVE-2009-3581
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN...
Linux Distros Unpatched Vulnerability : CVE-2007-5372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL...
Linux Distros Unpatched Vulnerability : CVE-2009-3580
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests...
Linux Distros Unpatched Vulnerability : CVE-2007-1923
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access...
SQL-Ledger 2.6.x/LedgerSMB 1.0 Terminal Parameter Directory Traversal Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19960/info SQL-Ledger and LedgerSMB are prone to a remote directory-traversal vulnerability. An attacker can exploit this issue to include arbitrary files located on the vulnerable computer in the context of the webserver...
SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability
No description provided by source. Exploit Title: SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33...
LedgerSMB1.0/1.1,SQL-Ledger 2.6.x Login Parameter Local File Include And Authentication Bypass Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/23034/info LedgerSMB/SQL-Ledger are prone to a local file-include vulnerability because the application fails to sufficiently sanitize user-supplied input. SQL-Ledger is also prone to an authentication-bypass vulnerabilit...
Full disclosure for SA45649, SQL Injection in LedgerSMB and SQL-Ledger
Affects versions: SQL-Ledger 2.8.33 and lower LedgerSMB 1.2.24 and lower. Both programs have vendor fixes available in the form of new, patched versions. These have been out for over a week with appropriate advisories, with users having time to upgrade. Files affected: LedgerSMB/RP.pm for LedgerS...
SQL-Ledger patch update for SQL injection
Hi all; We have been informed that SQL-Ledger 2.8.34 has in fact been released patching the security hole previously reported in LedgerSMB 1.2.24 and Lower. This is an SQL injection issue. I haven't been able to find a CVE listing for this yet. Secunia has assigned this the id of SA45649 for...
Security advisory: SQL Injection in LedgerSMB 1.2.24 and lower
Hi all; The LedgerSMB development team has found an SQL injection issue in LedgerSMB 1.2.24. Because this issue stems from our common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger 2.8.33. We contacted Dieter when we initially discovered this and no...
SQL-Ledger SQL Injection Vulnerability
LedgerSMB and SQL-Ledger are prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are...
SQL-Ledger SQL Injection Vulnerability
LedgerSMB and SQL-Ledger are prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent...
SQL-Ledger <= 2.8.33 Post-authentication LFI/Edit Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz...
SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit
Exploit Title: SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...
SQL-Ledger 2.8.33 Local File Inclusion
Exploit Title: SQL-Ledger <= 2.8.33 Post-authentication Local File Include/Edit Vulnerability Google Dork: inurl:/sql-ledger/login.pl Date: April 15, 2011 Author: bitform Software Link: http://www.sql-ledger.com/source/sql-ledger-2.8.33.tar.gz Version: 2.8.33 Tested on: Ubuntu Server 10.04 CVE :...
SQL-Ledger Version Detection
This script detects the installed SQL-Ledger version. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
SQL-Ledger Multiple Vulnerabilities
This host is running SQL-Ledger and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: secpodsqlledgermultvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ SQL-Ledger Multiple Vulnerabilities Authors: Sharath S Copyright: Copyright (c) 2009 SecPod, http://www.secpod.com This program i...
SQL-Ledger Multiple Vulnerabilities
SQL-Ledger is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
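SQL-Ledger ERP Multiple Input Validation and Security Restriction Bypass Vulnerabilities
BUGTRAQ ID: 37431 CVE(CAN) ID: CVE-2009-3581,CVE-2009-3582,CVE-2009-3583,CVE-2009-3584 SQL-Ledger ERP is an enterprise accounting and ERP system. Multiple security vulnerabilities in SQL-Ledger allow attackers to perform cross-site request forgery, cross-site scripting or SQL injection attacks, or to bypass certain security restrictions. (1) SQL-Ledger allows users to perform certain actions via HTTP requests without performing any validity checks. (2) Due to failure to properly filter the customer name, vendor name and DCN description fields submitted to Accounts Receivables, as well as input submitted to Accounts...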