Ledgersmb Security Vulnerabilities and Issues — Ledgersmb CVE List

Lucene search

LedgersmbLedgersmb

8 matches found

CVE•added 2007/04/10 11:19 p.m.•48 views

CVE-2007-1923

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.

7.5CVSS6.7AI score0.01147EPSS

CVE•added 2007/03/07 9:19 p.m.•47 views

CVE-2007-1329

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter...

10CVSS7.2AI score0.05736EPSS

CVE•added 2007/03/13 7:19 p.m.•47 views

CVE-2007-1436

Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.

7.5CVSS6.9AI score0.00771EPSS

CVE•added 2007/03/13 7:19 p.m.•40 views

CVE-2007-1437

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.

9CVSS6.8AI score0.00727EPSS

CVE•added 2007/02/02 9:28 p.m.•39 views

CVE-2007-0667

The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.

6.5CVSS7.2AI score0.01651EPSS

CVE•added 2007/03/20 10:19 p.m.•37 views

CVE-2007-1540

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly...

4.3CVSS7AI score0.09845EPSS

CVE•added 2007/10/11 10:17 a.m.•33 views

CVE-2007-5372

Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.

10CVSS8.5AI score0.02387EPSS

CVE•added 2007/07/19 5:30 p.m.•29 views

CVE-2007-3907

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL...

10CVSS7AI score0.01484EPSS