Vulnerabilities related to sql-ledger - sql-ledger
Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2025-04-09 00:30
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.8.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37F91C4-5164-4428-82B6-10DAFC0C3FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en SQL-Ledger v2.8.24 permite a usuarios autenticados remotamente inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) el campo DCN Description en el elemento de men\u00fa Accounts Receivables para Add Transaction, (2) el campo Description en el elemento de men\u00fa Accounts Payable para Add Transaction, o el campo nombre en (3) el elemento de men\u00fa Customers para Add Customer o (4) el elemento de men\u00fa Vendor para Add Vendor."
    }
  ],
  "id": "CVE-2009-3581",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-23T18:30:00.563",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54965"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2006-08-31 01:04
Modified
2025-04-03 01:03
Summary
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.4.4
sql-ledger sql-ledger 2.4.5
sql-ledger sql-ledger 2.4.6
sql-ledger sql-ledger 2.4.7
sql-ledger sql-ledger 2.4.8
sql-ledger sql-ledger 2.4.9
sql-ledger sql-ledger 2.4.10
sql-ledger sql-ledger 2.4.11
sql-ledger sql-ledger 2.4.12
sql-ledger sql-ledger 2.4.13
sql-ledger sql-ledger 2.4.14
sql-ledger sql-ledger 2.4.15
sql-ledger sql-ledger 2.4.16
sql-ledger sql-ledger 2.6.0
sql-ledger sql-ledger 2.6.1
sql-ledger sql-ledger 2.6.2
sql-ledger sql-ledger 2.6.3
sql-ledger sql-ledger 2.6.4
sql-ledger sql-ledger 2.6.5
sql-ledger sql-ledger 2.6.6
sql-ledger sql-ledger 2.6.7
sql-ledger sql-ledger 2.6.8
sql-ledger sql-ledger 2.6.9
sql-ledger sql-ledger 2.6.10
sql-ledger sql-ledger 2.6.11
sql-ledger sql-ledger 2.6.12
sql-ledger sql-ledger 2.6.13
sql-ledger sql-ledger 2.6.14
sql-ledger sql-ledger 2.6.15
sql-ledger sql-ledger 2.6.16
sql-ledger sql-ledger 2.6.17
sql-ledger sql-ledger 2.6.18
sql-ledger sql-ledger 2.6.19
sql-ledger sql-ledger 2.6.20
sql-ledger sql-ledger 2.6.21
sql-ledger sql-ledger 2.6.22
sql-ledger sql-ledger 2.6.23
sql-ledger sql-ledger 2.6.24
sql-ledger sql-ledger 2.6.25
sql-ledger sql-ledger 2.6.26
sql-ledger sql-ledger 2.6.27
sql-ledger sql-ledger 2.8.0
sql-ledger sql-ledger 2.8.1
sql-ledger sql-ledger 2.8.2
sql-ledger sql-ledger 2.8.3
sql-ledger sql-ledger 2.8.4
sql-ledger sql-ledger 2.8.5
sql-ledger sql-ledger 2.8.6
sql-ledger sql-ledger 2.8.7
sql-ledger sql-ledger 2.8.8
sql-ledger sql-ledger 2.8.9
sql-ledger sql-ledger 2.8.10
sql-ledger sql-ledger 2.8.11
sql-ledger sql-ledger 2.8.12
sql-ledger sql-ledger 2.8.13
sql-ledger sql-ledger 2.8.14
sql-ledger sql-ledger 2.8.15
sql-ledger sql-ledger 2.8.16
sql-ledger sql-ledger 2.8.17
sql-ledger sql-ledger 2.8.18



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96A468DE-4EA0-40E5-848C-9A046E9EE073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB67B38-EB93-4F07-B57D-20D839036341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5C8095-CDB8-40D3-8AE1-0F31B62DA859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93E88F3-AAB8-424A-909D-187490A569DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9379DECB-18FB-47FF-B6CA-FEDE70BD0090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE7C358-802F-47B9-B905-72077F0C27D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C91CB6-C4C3-4964-875B-868FCF2AFB33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA97417-7192-4BC7-8C6D-CF2F311491AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB579DCA-1C5C-4EA3-9EFA-B440D64B771F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CD497C-6B27-440C-ADD3-9CCE7835B512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8647ABC-1F51-4E3C-A362-ECE15961F7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5587FE38-7533-45CD-B238-88691B8B0ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1942D52F-6877-4B81-9157-D5CAB707D66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFBA608E-699C-4D60-AF1F-1BBA3862A47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5699B67-86B0-47FE-90D9-D409F6FABC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D11204D-B57D-40E6-B8FE-59F48BE8EAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31AB41D-86C9-4063-9D63-DEF9C463CB6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "388D505B-8227-4C5F-93BA-B37B7FCE08A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9895620D-BABD-4A4A-A196-BC5FCC549FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A067D306-200B-4EF6-A58F-0222FDA16C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46865444-8B28-4DBA-8086-E2C5B5E4D33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C671286-D9AC-46F0-866F-B530C25901FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5762E9-A65D-43D1-AE6F-D00469F2C1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A017D9C-78DE-4D35-AE6E-032311F8CF22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F9DB72-874F-4369-AE14-EF33B98574E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A78E62-B64F-4A3F-A89A-86D19E7FA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB32ED5F-490C-4C72-96EF-FE1B239A1841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE241D6D-6802-4BA6-B526-15824976C8BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC578E3-D2DF-497B-8D25-AE64AA39DEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DAE416E-30A9-4AB3-B968-BB17EB1889F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BFEF80-BCC4-44BC-A7B6-D688F1688A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7E5E53-3B67-46CA-A85F-37A93958A4BD",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD66FE58-EF0E-4F02-9FDB-8AB5C715FCD6",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "32309E76-7795-47B7-937E-CB6122A1BBB0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3EDFA2-8A21-4331-9715-3204DAA22845",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3635B9CC-E41D-4B08-8790-088035A1BB77",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "35CDD731-E995-4513-9AC4-D0EE9820E995",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "42CAECC0-260F-4B61-ACC6-18C075003FBB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC85020-344F-4B75-A79E-CA190FD8D335",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F314723-AE62-4DA9-8904-B27DD1D3AA28",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB097CC-822C-4271-8D86-C978E3687630",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5C8571C-8240-4DA2-9190-AA5844ACE954",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8D4DB7D-B779-42C3-87E0-F19FD546B1D0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9347B79-BF54-45B9-91BE-10AC9B8CAE1D",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "80606CA8-22A2-4B8B-870D-80723DBA2EB4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E4E69D9-273F-4816-B793-2F6BAF764C74",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F81B17BD-570A-4FB2-B9F3-D7FA1230FB39",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EC2718E-D742-4E6A-BBA2-4FE16AB9F808",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA77D30D-51F9-4B1D-8BCF-3725BDA43526",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E9B5E2C-8C1C-4C47-B69D-A1AA17F9AAAC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "79497E96-8A63-4D02-A6C4-490146BFCDAC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D962297-E903-4F52-A572-B58D056248E4",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD2CB622-0A42-4498-9218-EC691772BF83",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42629C1-3BC6-40AE-9A5C-F6E8CF5BD88E",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "E89B5D37-EFC0-4C4C-AF9C-7504FBDB9DFE",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47E4D57-7CC5-493E-97BF-E46A50D8CF84",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E2A5DA-FB9F-43C7-BF0E-D2015064B8BB",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "23E2D064-9D18-4868-A8C1-2CED2755425F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2C3C7C0-F508-4565-BD6E-4C54A4DA0E9F",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4882BC7-93D6-457C-BFB8-633115F04E7E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value."
    },
    {
      "lang": "es",
      "value": "SQL-Ledger 2.4.4 a la 2.6.17 valida usuarios a trav\u00e9s de la verificaci\u00f3n del valor de la cookie sql-ledger-[username] selecciona el valor del par\u00e1metro sessionid, lo cual permite a un atacante remoto aumentar el acceso como cualquier usuario validado a trav\u00e9s de la configuraci\u00f3n la cookie y el par\u00e1metro con el mismo valor."
    }
  ],
  "id": "CVE-2006-4244",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-08-31T01:04:00.000",
  "references": [
    {
      "source": "security@debian.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21689"
    },
    {
      "source": "security@debian.org",
      "url": "http://securityreason.com/securityalert/1472"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
    },
    {
      "source": "security@debian.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/445512"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.securityfocus.com/bid/19758"
    },
    {
      "source": "security@debian.org",
      "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "source": "security@debian.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/21689"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1472"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/archive/1/445512"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19758"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
    }
  ],
  "sourceIdentifier": "security@debian.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-15 15:14
Modified
2025-04-09 00:30
Summary
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Impacted products
Vendor Product Version
ledgersmb ledgersmb *
sql-ledger sql-ledger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416D2DF-77A4-42E9-9920-BEF9EF00F423",
              "versionEndExcluding": "1.2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15622DA-57A0-48A8-A271-7E8DE5D508AC",
              "versionEndIncluding": "2.8.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
    },
    {
      "lang": "es",
      "value": "Las secuencias de comandos (script) CGI en (1) LedgerSMB (LSMB) versiones anteriores a 1.2.15 y (2) SQL-Ledger 2.8.17 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (agotamiento de recursos) a trav\u00e9s de una petici\u00f3n HTTP POST con un largo Content-Length."
    }
  ],
  "id": "CVE-2008-4077",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.8,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-15T15:14:07.367",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31843"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/4250"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.ledgersmb.org/node/70"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/4250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "http://www.ledgersmb.org/node/70"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2008-09-15 15:14
Modified
2025-04-09 00:30
Summary
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Impacted products
Vendor Product Version
ledgersmb ledgersmb *
sql-ledger sql-ledger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4416D2DF-77A4-42E9-9920-BEF9EF00F423",
              "versionEndExcluding": "1.2.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B15622DA-57A0-48A8-A271-7E8DE5D508AC",
              "versionEndIncluding": "2.8.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en el informe de transacci\u00f3n AR/AP en (1) LedgerSMB (LSMB) versiones anteriores a 1.2.15 y (2) SQL-Ledger 2.8.17 y versiones anteriores permite a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2008-4078",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-15T15:14:07.397",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31843"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/4250"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Product"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31109"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/4250"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/31109"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-13 19:19
Modified
2025-04-09 00:30
Summary
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
Impacted products
Vendor Product Version
ledgersmb ledgersmb 1.0.0
ledgersmb ledgersmb 1.1.0
ledgersmb ledgersmb 1.1.1
sql-ledger sql-ledger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCE1BDC-52DF-4555-AB36-3A0AD4DF6EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F92E614-45B3-4744-8CFB-2F4387242B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E199FF-805A-4473-8E15-B712132E0BE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A85D61C-3097-470C-9A5A-A16C96EFDBC0",
              "versionEndIncluding": "2.6.24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en LedgerSMB anterior a 1.1.5 y SQL-Ledger anterior a 2.6.25 permite a atacantes remotos sobrescribir ficheros y evitar autenticaci\u00f3n, y a usuarios autenticados ejecutar c\u00f3digo no autorizado, mediante la llamada a una funci\u00f3n de error que retorna desde la ejecuci\u00f3n."
    }
  ],
  "id": "CVE-2007-1437",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-13T19:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24363"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24366"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2435"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/461944/100/100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/461944/100/100/threaded"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-04-10 23:19
Modified
2025-04-09 00:30
Summary
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
Impacted products
Vendor Product Version
ledgersmb ledgersmb *
sql-ledger sql-ledger -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEC949D-05C5-46A4-8524-708110C55CD1",
              "versionEndExcluding": "1.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6F3CE1-B130-49E4-BABB-A2C44F955625",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
    },
    {
      "lang": "es",
      "value": "(1) LedgerSMB y (2) DWS Systems SQL-Ledger implementa las listas de control de acceso a trav\u00e9s del cambio de la asignaci\u00f3n de URLs enlazadas desde men\u00fas, lo cual permite a atacantes remotos acceder a funcionalidades restringidas a trav\u00e9s de una respuesta directa."
    }
  ],
  "id": "CVE-2007-1923",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": true,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-04-10T23:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38217"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38218"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2552"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23352"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/38218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://securityreason.com/securityalert/2552"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/23352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-20 22:19
Modified
2025-04-09 00:30
Summary
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.6.27



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BB097CC-822C-4271-8D86-C978E3687630",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en am.pl de SQL-Ledger 2.6.27 s\u00f3lo comprueba la presencia del car\u00e1cter nulo (%00) para proteger contra ataques de salto de directorio, lo cual permite a atacantes remotos ejecutar programas de su elecci\u00f3n y evitar la autenticaci\u00f3n mediante una secuencia .. (punto punto) en el par\u00e1metro login."
    }
  ],
  "id": "CVE-2007-1541",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-20T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24560"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1025"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-13 19:19
Modified
2025-04-09 00:30
Summary
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevent a password check from occurring.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7858BB-0570-4E97-BB32-536D30DC4525",
              "versionEndIncluding": "1.1.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCE1BDC-52DF-4555-AB36-3A0AD4DF6EFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F92E614-45B3-4744-8CFB-2F4387242B1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4E199FF-805A-4473-8E15-B712132E0BE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF4DD67-2815-418E-B6C8-F9ABDA1BA6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1259FE-76CA-4BDB-A860-B1309D7B64B9",
              "versionEndIncluding": "2.6.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96A468DE-4EA0-40E5-848C-9A046E9EE073",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AB67B38-EB93-4F07-B57D-20D839036341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA5C8095-CDB8-40D3-8AE1-0F31B62DA859",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93E88F3-AAB8-424A-909D-187490A569DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9379DECB-18FB-47FF-B6CA-FEDE70BD0090",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DE7C358-802F-47B9-B905-72077F0C27D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C91CB6-C4C3-4964-875B-868FCF2AFB33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA97417-7192-4BC7-8C6D-CF2F311491AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB579DCA-1C5C-4EA3-9EFA-B440D64B771F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CD497C-6B27-440C-ADD3-9CCE7835B512",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8647ABC-1F51-4E3C-A362-ECE15961F7AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5587FE38-7533-45CD-B238-88691B8B0ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "1942D52F-6877-4B81-9157-D5CAB707D66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFBA608E-699C-4D60-AF1F-1BBA3862A47B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5699B67-86B0-47FE-90D9-D409F6FABC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D11204D-B57D-40E6-B8FE-59F48BE8EAD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C31AB41D-86C9-4063-9D63-DEF9C463CB6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "388D505B-8227-4C5F-93BA-B37B7FCE08A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9895620D-BABD-4A4A-A196-BC5FCC549FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A067D306-200B-4EF6-A58F-0222FDA16C7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "46865444-8B28-4DBA-8086-E2C5B5E4D33D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C671286-D9AC-46F0-866F-B530C25901FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5762E9-A65D-43D1-AE6F-D00469F2C1F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A017D9C-78DE-4D35-AE6E-032311F8CF22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0F9DB72-874F-4369-AE14-EF33B98574E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "08A78E62-B64F-4A3F-A89A-86D19E7FA403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB32ED5F-490C-4C72-96EF-FE1B239A1841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE241D6D-6802-4BA6-B526-15824976C8BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EC578E3-D2DF-497B-8D25-AE64AA39DEBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DAE416E-30A9-4AB3-B968-BB17EB1889F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BFEF80-BCC4-44BC-A7B6-D688F1688A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7E5E53-3B67-46CA-A85F-37A93958A4BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD66FE58-EF0E-4F02-9FDB-8AB5C715FCD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3EDFA2-8A21-4331-9715-3204DAA22845",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en admin.pl en SQL-Ledger anterior a 2.6.26 y LedgerSMB anterior a 1.1.9 permite a atacantes remotos evitar la autenticaci\u00f3n mediante vectores desconocidos que previenen del chequeo de la contrase\u00f1a."
    }
  ],
  "evaluatorSolution": "This vulnerability is addressed in the following product updates:\r\nSQL-Ledger, 2.6.26 \r\nLedgerSMB, 1.1.9",
  "id": "CVE-2007-1436",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-13T19:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24467"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24496"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2436"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33622"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33623"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/462375/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22889"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24467"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/24496"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33623"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/462375/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22889"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-20 22:19
Modified
2025-04-09 00:30
Summary
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
Impacted products
Vendor Product Version
ledgersmb ledgersmb *
sql-ledger sql-ledger *



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F7858BB-0570-4E97-BB32-536D30DC4525",
              "versionEndIncluding": "1.1.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2FBBC0F-B7B2-44BB-9126-FE55DD095273",
              "versionEndIncluding": "2.6.27",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter.  NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio en el archivo am.pl en (1) SQL-Ledger versi\u00f3n 2.6.27 y anteriores, y (2) LedgerSMB anterior a la versi\u00f3n 1.2.0, permite a los atacantes remotos correr ejecutables arbitrarios y omitir autenticaci\u00f3n mediante una secuencia .. (punto punto) y al final NULL (%00) en el par\u00e1metro  login. NOTA: este problema se solucion\u00f3 en SQL-Ledger versi\u00f3n 2.6.27, sin embargo, los investigadores externos afirman que el archivo todav\u00eda se ejecuta, aunque se genera un error."
    }
  ],
  "id": "CVE-2007-1540",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-20T22:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24560"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24585"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/33624"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/23034"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1024"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/1025"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24560"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24585"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/33624"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/23034"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/1025"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.8.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37F91C4-5164-4428-82B6-10DAFC0C3FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
    },
    {
      "lang": "es",
      "value": "SQL-Ledger v2.8.24 no inicializa el flag de seguridad para la cookie de sesi\u00f3n en una conexi\u00f3n https, lo que facilita a atacantes remotos la captura de esta cookie interceptando su transmisi\u00f3n con una sesi\u00f3n http."
    }
  ],
  "id": "CVE-2009-3584",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-23T18:30:00.657",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.8.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37F91C4-5164-4428-82B6-10DAFC0C3FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface."
    },
    {
      "lang": "es",
      "value": "La configuraci\u00f3n por defecto de SQL-Ledger v2.8.24 permite a atacantes remotos realizar operaciones de administraci\u00f3n no especificadas al proporcionar una contrase\u00f1a arbitraria al interfaz de \"admin\"."
    }
  ],
  "id": "CVE-2009-4402",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-23T18:30:00.717",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37431"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-03-07 21:19
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
Impacted products
Vendor Product Version
ledgersmb ledgersmb *
sql-ledger sql-ledger 2.6.25



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0DA0F-6168-4BAD-8CA1-F867886A6546",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC85020-344F-4B75-A79E-CA190FD8D335",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de escalado de directorio en SQL-Ledger, y LedgerSMB versiones anteriores a 1.1.5, permite a atacantes remotos leer y sobre-escribir ficheros de su elecci\u00f3n, y ejecutar c\u00f3digo de su elecci\u00f3n mediante caracteres . (punto) adyacentes a cadenas (1) users y (2) users/members, que son eliminadas por funciones lista-negra que filtran dichas cadenas y las reducen en secuencias .. (punto punto)."
    }
  ],
  "id": "CVE-2007-1329",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-03-07T21:19:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33619"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/33621"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24363"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/24366"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2381"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017715"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33619"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/33621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/24366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2381"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.8.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37F91C4-5164-4428-82B6-10DAFC0C3FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors\u003eReports\u003eSearch search operation."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la subrutina de borrado en SQL-Ledger v2.8.24 permite a usuarios autenticados remotamente ejecutar comandos SQL de su elecci\u00f3n mediante los par\u00e1metros (1) \"id\" y posiblemente (2) \"db\" en una acci\u00f3n Delete en la salida de una operaci\u00f3n de b\u00fasquedaVendors\u003eReports\u003eSearch."
    }
  ],
  "id": "CVE-2009-3582",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-23T18:30:00.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.8.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37F91C4-5164-4428-82B6-10DAFC0C3FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en am.pl en SQL-Ledger v2.8.24 permite a atacantes remotos secuestrar la autenticaci\u00f3n de usuarios de su elecci\u00f3n para solicitar el cambio de contrase\u00f1a mediante los par\u00e1metros \"login\", \"new_password\", y \"confirm_password\" en una acci\u00f3n preferences."
    }
  ],
  "id": "CVE-2009-3580",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2009-12-23T18:30:00.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2009-12-23 18:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
Impacted products
Vendor Product Version
sql-ledger sql-ledger 2.8.24



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.8.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "E37F91C4-5164-4428-82B6-10DAFC0C3FAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de salto de directorio en el elemento de men\u00fa Preferences en SQL-Ledger v2.8.24 permite a atacantes remotos incluir y ejecutar ficheros locales mediante los caracteres .. (punto punto) en el campo \"countrycode\"."
    }
  ],
  "id": "CVE-2009-3583",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-12-23T18:30:00.627",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/37877"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/37431"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2007-02-02 21:28
Modified
2025-04-09 00:30
Severity ?
Summary
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
Impacted products



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E0DA0F-6168-4BAD-8CA1-F867886A6546",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93E88F3-AAB8-424A-909D-187490A569DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "12BFEF80-BCC4-44BC-A7B6-D688F1688A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD7E5E53-3B67-46CA-A85F-37A93958A4BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD66FE58-EF0E-4F02-9FDB-8AB5C715FCD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD3EDFA2-8A21-4331-9715-3204DAA22845",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sql-ledger:sql-ledger:2.6.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EC85020-344F-4B75-A79E-CA190FD8D335",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n redirect en el archivo Form.pm para (1) LedgerSMB anterior a la  versi\u00f3n 1.1.5 y (2) SQL-Ledger permite a los usuarios autenticados remotos ejecutar c\u00f3digo arbitrario por medio de redireccionamientos, relacionados con callbacks, un problema diferente de  CVE-2006-5872."
    }
  ],
  "id": "CVE-2007-0667",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-02-02T21:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/2217"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22295"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0407"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/2217"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2007/0407"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2007-1541 (GCVE-0-2007-1541)
Vulnerability from cvelistv5
Published
2007-03-20 22:00
Modified
2024-08-07 12:59
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.578Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24560",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24560"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
          },
          {
            "name": "ADV-2007-1025",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1025"
          },
          {
            "name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
          },
          {
            "name": "23034",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23034"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24560",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24560"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
        },
        {
          "name": "ADV-2007-1025",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1025"
        },
        {
          "name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
        },
        {
          "name": "23034",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23034"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1541",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence in the login parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24560",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24560"
            },
            {
              "name": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
              "refsource": "MISC",
              "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
            },
            {
              "name": "ADV-2007-1025",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1025"
            },
            {
              "name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
            },
            {
              "name": "23034",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23034"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1541",
    "datePublished": "2007-03-20T22:00:00",
    "dateReserved": "2007-03-20T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.578Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3584 (GCVE-0-2009-3584)
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:31
Severity ?
CWE
  • n/a
Summary
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.
References
http://www.securityfocus.com/archive/1/508559/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/37877 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/37431 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/54968 vdb-entry, x_refsource_XF
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
          },
          {
            "name": "37877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37877"
          },
          {
            "name": "37431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37431"
          },
          {
            "name": "sqlledger-cookie-weak-security(54968)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
        },
        {
          "name": "37877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37877"
        },
        {
          "name": "37431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37431"
        },
        {
          "name": "sqlledger-cookie-weak-security(54968)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3584",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
            },
            {
              "name": "37877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37877"
            },
            {
              "name": "37431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37431"
            },
            {
              "name": "sqlledger-cookie-weak-security(54968)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54968"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3584",
    "datePublished": "2009-12-23T18:00:00",
    "dateReserved": "2009-10-07T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.543Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-4402 (GCVE-0-2009-4402)
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 07:01
Severity ?
CWE
  • n/a
Summary
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.
References
http://www.securityfocus.com/archive/1/508559/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/37877 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/37431 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T07:01:20.312Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
          },
          {
            "name": "37877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37877"
          },
          {
            "name": "37431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
        },
        {
          "name": "37877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37877"
        },
        {
          "name": "37431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-4402",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
            },
            {
              "name": "37877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37877"
            },
            {
              "name": "37431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-4402",
    "datePublished": "2009-12-23T18:00:00",
    "dateReserved": "2009-12-23T00:00:00",
    "dateUpdated": "2024-08-07T07:01:20.312Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2006-4244 (GCVE-0-2006-4244)
Vulnerability from cvelistv5
Published
2006-08-31 01:00
Modified
2024-08-07 19:06
Severity ?
CWE
  • n/a
Summary
SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:06:06.557Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
          },
          {
            "name": "sql-ledger-session-unauth-access(28671)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
          },
          {
            "name": "19758",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19758"
          },
          {
            "name": "21689",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21689"
          },
          {
            "name": "20060830 SQL-Ledger serious security vulnerability and workaround",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
          },
          {
            "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/445512"
          },
          {
            "name": "1472",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1472"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-17T20:57:01",
        "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
        "shortName": "debian"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
        },
        {
          "name": "sql-ledger-session-unauth-access(28671)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
        },
        {
          "name": "19758",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19758"
        },
        {
          "name": "21689",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21689"
        },
        {
          "name": "20060830 SQL-Ledger serious security vulnerability and workaround",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
        },
        {
          "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/445512"
        },
        {
          "name": "1472",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1472"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@debian.org",
          "ID": "CVE-2006-4244",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote attackers to gain access as any logged-in user by setting the cookie and the parameter to the same value."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
              "refsource": "CONFIRM",
              "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
            },
            {
              "name": "sql-ledger-session-unauth-access(28671)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
            },
            {
              "name": "19758",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19758"
            },
            {
              "name": "21689",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21689"
            },
            {
              "name": "20060830 SQL-Ledger serious security vulnerability and workaround",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/444741/100/0/threaded"
            },
            {
              "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/445512"
            },
            {
              "name": "1472",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1472"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
    "assignerShortName": "debian",
    "cveId": "CVE-2006-4244",
    "datePublished": "2006-08-31T01:00:00",
    "dateReserved": "2006-08-21T00:00:00",
    "dateUpdated": "2024-08-07T19:06:06.557Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1436 (GCVE-0-2007-1436)
Vulnerability from cvelistv5
Published
2007-03-13 19:00
Modified
2024-08-07 12:59
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring.
References
http://www.securityfocus.com/archive/1/462375/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/24496 third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/24467 third-party-advisory, x_refsource_SECUNIA
http://sourceforge.net/project/shownotes.php?release_id=494462&group_id=175965 x_refsource_CONFIRM
http://securityreason.com/securityalert/2436 third-party-advisory, x_refsource_SREASON
http://www.osvdb.org/33622 vdb-entry, x_refsource_OSVDB
http://www.osvdb.org/33623 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/22889 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.319Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070309 Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/462375/100/0/threaded"
          },
          {
            "name": "24496",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24496"
          },
          {
            "name": "24467",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24467"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
          },
          {
            "name": "2436",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2436"
          },
          {
            "name": "33622",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/33622"
          },
          {
            "name": "33623",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/33623"
          },
          {
            "name": "22889",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22889"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070309 Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/462375/100/0/threaded"
        },
        {
          "name": "24496",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24496"
        },
        {
          "name": "24467",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24467"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
        },
        {
          "name": "2436",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2436"
        },
        {
          "name": "33622",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/33622"
        },
        {
          "name": "33623",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/33623"
        },
        {
          "name": "22889",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22889"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1436",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070309 Security bypass vulnerability in LedgerSMB and SQL-Ledger (fixes released today)",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/462375/100/0/threaded"
            },
            {
              "name": "24496",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24496"
            },
            {
              "name": "24467",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24467"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
            },
            {
              "name": "2436",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2436"
            },
            {
              "name": "33622",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/33622"
            },
            {
              "name": "33623",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/33623"
            },
            {
              "name": "22889",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22889"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1436",
    "datePublished": "2007-03-13T19:00:00",
    "dateReserved": "2007-03-13T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.319Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1329 (GCVE-0-2007-1329)
Vulnerability from cvelistv5
Published
2007-03-07 21:00
Modified
2024-08-07 12:50
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
References
http://secunia.com/advisories/24363 third-party-advisory, x_refsource_SECUNIA
http://osvdb.org/33619 vdb-entry, x_refsource_OSVDB
http://osvdb.org/33621 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/archive/1/461630/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/2381 third-party-advisory, x_refsource_SREASON
http://secunia.com/advisories/24366 third-party-advisory, x_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilities/32776 vdb-entry, x_refsource_XF
http://securitytracker.com/id?1017715 vdb-entry, x_refsource_SECTRACK
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:50:35.165Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24363"
          },
          {
            "name": "33619",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33619"
          },
          {
            "name": "33621",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/33621"
          },
          {
            "name": "20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"
          },
          {
            "name": "2381",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2381"
          },
          {
            "name": "24366",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24366"
          },
          {
            "name": "sqlledger-userpathmemberfile-dir-traversal(32776)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"
          },
          {
            "name": "1017715",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017715"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24363"
        },
        {
          "name": "33619",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33619"
        },
        {
          "name": "33621",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/33621"
        },
        {
          "name": "20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"
        },
        {
          "name": "2381",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2381"
        },
        {
          "name": "24366",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24366"
        },
        {
          "name": "sqlledger-userpathmemberfile-dir-traversal(32776)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"
        },
        {
          "name": "1017715",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017715"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1329",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24363"
            },
            {
              "name": "33619",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33619"
            },
            {
              "name": "33621",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/33621"
            },
            {
              "name": "20070301 Full disclosure: Directory Transversal and Arbitrary Code Execution Vulnerability in SQL-Ledger and LedgerSMB",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461630/100/0/threaded"
            },
            {
              "name": "2381",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2381"
            },
            {
              "name": "24366",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24366"
            },
            {
              "name": "sqlledger-userpathmemberfile-dir-traversal(32776)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32776"
            },
            {
              "name": "1017715",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017715"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1329",
    "datePublished": "2007-03-07T21:00:00",
    "dateReserved": "2007-03-07T00:00:00",
    "dateUpdated": "2024-08-07T12:50:35.165Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3581 (GCVE-0-2009-3581)
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:31
Severity ?
CWE
  • n/a
Summary
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/54965 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/508559/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/37877 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/37431 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.622Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sqlledger-accounts-xss(54965)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54965"
          },
          {
            "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
          },
          {
            "name": "37877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37877"
          },
          {
            "name": "37431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sqlledger-accounts-xss(54965)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54965"
        },
        {
          "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
        },
        {
          "name": "37877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37877"
        },
        {
          "name": "37431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3581",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sqlledger-accounts-xss(54965)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54965"
            },
            {
              "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
            },
            {
              "name": "37877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37877"
            },
            {
              "name": "37431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3581",
    "datePublished": "2009-12-23T18:00:00",
    "dateReserved": "2009-10-07T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.622Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1923 (GCVE-0-2007-1923)
Vulnerability from cvelistv5
Published
2007-04-10 00:00
Modified
2024-08-07 13:13
Severity ?
CWE
  • n/a
Summary
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:13:41.559Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "38218",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38218"
          },
          {
            "name": "sqlledger-acl-weak-security(33494)",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
          },
          {
            "name": "2552",
            "tags": [
              "third-party-advisory",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2552"
          },
          {
            "name": "38217",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://osvdb.org/38217"
          },
          {
            "name": "23352",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23352"
          },
          {
            "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-04-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-09-25T04:58:55.612724",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "38218",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://osvdb.org/38218"
        },
        {
          "name": "sqlledger-acl-weak-security(33494)",
          "tags": [
            "vdb-entry"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
        },
        {
          "name": "2552",
          "tags": [
            "third-party-advisory"
          ],
          "url": "http://securityreason.com/securityalert/2552"
        },
        {
          "name": "38217",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://osvdb.org/38217"
        },
        {
          "name": "23352",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/23352"
        },
        {
          "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
        },
        {
          "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1923",
    "datePublished": "2007-04-10T00:00:00",
    "dateReserved": "2007-04-10T00:00:00",
    "dateUpdated": "2024-08-07T13:13:41.559Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3583 (GCVE-0-2009-3583)
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:31
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/54967 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/508559/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/37877 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/37431 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.652Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sqlledger-countrycode-file-include(54967)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967"
          },
          {
            "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
          },
          {
            "name": "37877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37877"
          },
          {
            "name": "37431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sqlledger-countrycode-file-include(54967)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967"
        },
        {
          "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
        },
        {
          "name": "37877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37877"
        },
        {
          "name": "37431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3583",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sqlledger-countrycode-file-include(54967)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54967"
            },
            {
              "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
            },
            {
              "name": "37877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37877"
            },
            {
              "name": "37431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3583",
    "datePublished": "2009-12-23T18:00:00",
    "dateReserved": "2009-10-07T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.652Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3580 (GCVE-0-2009-3580)
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:31
Severity ?
CWE
  • n/a
Summary
Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action.
References
https://exchange.xforce.ibmcloud.com/vulnerabilities/54964 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/508559/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/37877 third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.630Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "sqlledger-am-csrf(54964)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"
          },
          {
            "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
          },
          {
            "name": "37877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37877"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "sqlledger-am-csrf(54964)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"
        },
        {
          "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
        },
        {
          "name": "37877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37877"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3580",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "sqlledger-am-csrf(54964)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"
            },
            {
              "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
            },
            {
              "name": "37877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37877"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3580",
    "datePublished": "2009-12-23T18:00:00",
    "dateReserved": "2009-10-07T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.630Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1437 (GCVE-0-2007-1437)
Vulnerability from cvelistv5
Published
2007-03-13 19:00
Modified
2024-08-07 12:59
Severity ?
CWE
  • n/a
Summary
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
References
http://secunia.com/advisories/24363 third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/2435 third-party-advisory, x_refsource_SREASON
http://secunia.com/advisories/24366 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/archive/1/461944/100/100/threaded mailing-list, x_refsource_BUGTRAQ
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.465Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24363",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24363"
          },
          {
            "name": "2435",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2435"
          },
          {
            "name": "24366",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24366"
          },
          {
            "name": "20070305 DoS and code execution issue in LedgerSMB \u003c 1.1.5 and SQL-Ledger \u003c 2.6.25",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/461944/100/100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24363",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24363"
        },
        {
          "name": "2435",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2435"
        },
        {
          "name": "24366",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24366"
        },
        {
          "name": "20070305 DoS and code execution issue in LedgerSMB \u003c 1.1.5 and SQL-Ledger \u003c 2.6.25",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/461944/100/100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1437",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24363",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24363"
            },
            {
              "name": "2435",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2435"
            },
            {
              "name": "24366",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24366"
            },
            {
              "name": "20070305 DoS and code execution issue in LedgerSMB \u003c 1.1.5 and SQL-Ledger \u003c 2.6.25",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/461944/100/100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1437",
    "datePublished": "2007-03-13T19:00:00",
    "dateReserved": "2007-03-13T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.465Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2009-3582 (GCVE-0-2009-3582)
Vulnerability from cvelistv5
Published
2009-12-23 18:00
Modified
2024-08-07 06:31
Severity ?
CWE
  • n/a
Summary
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors>Reports>Search search operation.
References
http://www.securityfocus.com/archive/1/508559/100/0/threaded mailing-list, x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/54966 vdb-entry, x_refsource_XF
http://secunia.com/advisories/37877 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/37431 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T06:31:10.603Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
          },
          {
            "name": "sqlledger-id-sql-injection(54966)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966"
          },
          {
            "name": "37877",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/37877"
          },
          {
            "name": "37431",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/37431"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors\u003eReports\u003eSearch search operation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-10T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
        },
        {
          "name": "sqlledger-id-sql-injection(54966)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966"
        },
        {
          "name": "37877",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/37877"
        },
        {
          "name": "37431",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/37431"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-3582",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to the output of a Vendors\u003eReports\u003eSearch search operation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20091221 SQL-Ledger \u0026acirc;?? several vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
            },
            {
              "name": "sqlledger-id-sql-injection(54966)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54966"
            },
            {
              "name": "37877",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/37877"
            },
            {
              "name": "37431",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/37431"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-3582",
    "datePublished": "2009-12-23T18:00:00",
    "dateReserved": "2009-10-07T00:00:00",
    "dateUpdated": "2024-08-07T06:31:10.603Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-4077 (GCVE-0-2008-4077)
Vulnerability from cvelistv5
Published
2008-09-15 15:00
Modified
2024-08-07 10:00
Severity ?
CWE
  • n/a
Summary
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
References
http://secunia.com/advisories/31843 third-party-advisory, x_refsource_SECUNIA
http://www.securityfocus.com/bid/31109 vdb-entry, x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/45033 vdb-entry, x_refsource_XF
http://www.securityfocus.com/archive/1/496181/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.ledgersmb.org/node/70 x_refsource_CONFIRM
http://securityreason.com/securityalert/4250 third-party-advisory, x_refsource_SREASON
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.863Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "31843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31843"
          },
          {
            "name": "31109",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31109"
          },
          {
            "name": "ledgersmb-contentlength-dos(45033)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
          },
          {
            "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.ledgersmb.org/node/70"
          },
          {
            "name": "4250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "31843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31843"
        },
        {
          "name": "31109",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31109"
        },
        {
          "name": "ledgersmb-contentlength-dos(45033)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
        },
        {
          "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.ledgersmb.org/node/70"
        },
        {
          "name": "4250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4250"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4077",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "31843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31843"
            },
            {
              "name": "31109",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31109"
            },
            {
              "name": "ledgersmb-contentlength-dos(45033)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
            },
            {
              "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
            },
            {
              "name": "http://www.ledgersmb.org/node/70",
              "refsource": "CONFIRM",
              "url": "http://www.ledgersmb.org/node/70"
            },
            {
              "name": "4250",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4250"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4077",
    "datePublished": "2008-09-15T15:00:00",
    "dateReserved": "2008-09-15T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.863Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2008-4078 (GCVE-0-2008-4078)
Vulnerability from cvelistv5
Published
2008-09-15 15:00
Modified
2024-08-07 10:00
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:00:42.806Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
          },
          {
            "name": "31843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31843"
          },
          {
            "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
          },
          {
            "name": "31109",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31109"
          },
          {
            "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
          },
          {
            "name": "4250",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/4250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-11T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
        },
        {
          "name": "31843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31843"
        },
        {
          "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
        },
        {
          "name": "31109",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31109"
        },
        {
          "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
        },
        {
          "name": "4250",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/4250"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-4078",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
            },
            {
              "name": "31843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31843"
            },
            {
              "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
            },
            {
              "name": "31109",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31109"
            },
            {
              "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
            },
            {
              "name": "4250",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/4250"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-4078",
    "datePublished": "2008-09-15T15:00:00",
    "dateReserved": "2008-09-15T00:00:00",
    "dateUpdated": "2024-08-07T10:00:42.806Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-0667 (GCVE-0-2007-0667)
Vulnerability from cvelistv5
Published
2007-02-02 21:00
Modified
2024-08-07 12:26
Severity ?
CWE
  • n/a
Summary
The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
References
http://www.securityfocus.com/archive/1/458464/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://www.securityfocus.com/archive/1/459264/100/0/threaded mailing-list, x_refsource_BUGTRAQ
http://securityreason.com/securityalert/2217 third-party-advisory, x_refsource_SREASON
http://www.vupen.com/english/advisories/2007/0407 vdb-entry, x_refsource_VUPEN
http://www.securityfocus.com/bid/22295 vdb-entry, x_refsource_BID
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:26:54.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"
          },
          {
            "name": "20070206 Unofficial SQL-Ledger patch for CVE-2007-0667",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"
          },
          {
            "name": "2217",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/2217"
          },
          {
            "name": "ADV-2007-0407",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0407"
          },
          {
            "name": "22295",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22295"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"
        },
        {
          "name": "20070206 Unofficial SQL-Ledger patch for CVE-2007-0667",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"
        },
        {
          "name": "2217",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/2217"
        },
        {
          "name": "ADV-2007-0407",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0407"
        },
        {
          "name": "22295",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22295"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0667",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070127 Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458464/100/0/threaded"
            },
            {
              "name": "20070206 Unofficial SQL-Ledger patch for CVE-2007-0667",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/459264/100/0/threaded"
            },
            {
              "name": "2217",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/2217"
            },
            {
              "name": "ADV-2007-0407",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0407"
            },
            {
              "name": "22295",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22295"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0667",
    "datePublished": "2007-02-02T21:00:00",
    "dateReserved": "2007-02-02T00:00:00",
    "dateUpdated": "2024-08-07T12:26:54.297Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2007-1540 (GCVE-0-2007-1540)
Vulnerability from cvelistv5
Published
2007-03-20 22:00
Modified
2024-08-07 12:59
Severity ?
CWE
  • n/a
Summary
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:59:08.628Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "24560",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24560"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
          },
          {
            "name": "33624",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/33624"
          },
          {
            "name": "ADV-2007-1024",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1024"
          },
          {
            "name": "ADV-2007-1025",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/1025"
          },
          {
            "name": "24585",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/24585"
          },
          {
            "name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
          },
          {
            "name": "23034",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/23034"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-03-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter.  NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "24560",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24560"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
        },
        {
          "name": "33624",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/33624"
        },
        {
          "name": "ADV-2007-1024",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1024"
        },
        {
          "name": "ADV-2007-1025",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/1025"
        },
        {
          "name": "24585",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/24585"
        },
        {
          "name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
        },
        {
          "name": "23034",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/23034"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-1540",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter.  NOTE: this issue was reportedly addressed in SQL-Ledger 2.6.27, however third-party researchers claim that the file is still executed even though an error is generated."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "24560",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24560"
            },
            {
              "name": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
              "refsource": "CONFIRM",
              "url": "http://sql-ledger.com/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?release_id=494462\u0026group_id=175965"
            },
            {
              "name": "33624",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/33624"
            },
            {
              "name": "ADV-2007-1024",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1024"
            },
            {
              "name": "ADV-2007-1025",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/1025"
            },
            {
              "name": "24585",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/24585"
            },
            {
              "name": "20070318 Full Disclosure: Arbitrary execution vulnerability in SQL-Ledger and LedgerSMB",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/463175/100/0/threaded"
            },
            {
              "name": "23034",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/23034"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-1540",
    "datePublished": "2007-03-20T22:00:00",
    "dateReserved": "2007-03-20T00:00:00",
    "dateUpdated": "2024-08-07T12:59:08.628Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}