Lucene search
Ubuntu.comUB:CVE-2007-0667HistoryFeb 02, 2007 - 12:00 a.m.
CVE-2007-0667
2007-02-0200:00:00
ubuntu.com
ubuntu.com
4
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.8%
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2)
SQL-Ledger allows remote authenticated users to execute arbitrary code via
redirects, related to callbacks, a different issue than CVE-2006-5872.
Notes
| Author | Note |
|---|---|
| sbeattie | hard to determine if this was fixed in newer releases; see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=409703 |
| ebarretto | We won’t be patching it in esm-apps/xenial as this bug never got fixed and a separate fork of such project was created. |
Related
prion
prion
Design/Logic Flaw
2007-02-02 21:28:00
cve
cve
CVE-2007-0667
2007-02-02 21:28:00
CVE-2006-5872
2006-12-18 00:28:00
debiancve
debiancve
CVE-2007-0667
2007-02-02 21:28:00
CVE-2006-5872
2006-12-18 00:28:00
nessus
nessus
FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)
2006-12-30 00:00:00
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
2006-12-18 00:00:00
securityvulns
securityvulns
Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872
2007-01-28 00:00:00
Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects
2007-01-30 00:00:00
freebsd
freebsd
sql-ledger -- multiple vulnerabilities
2006-12-17 00:00:00
debian
debian
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
2006-12-17 15:21:18
openvas
openvas
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
Debian Security Advisory DSA 1239-1 (sql-ledger)
2008-01-17 00:00:00
osv
osv
sql-ledger
2006-12-17 00:00:00
6.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
0.01 Low
EPSS
Percentile
83.8%
Related for UB:CVE-2007-0667