Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
By Recent Activity
ledgersmb ledgersmb vulnerabilities and exploits
(subscribe to this query)
10
CVSSv2
CVE-2007-3907
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter...
Ledgersmb Ledgersmb 1.2.6
Ledgersmb Ledgersmb 1.2.0
Ledgersmb Ledgersmb 1.2.1
Ledgersmb Ledgersmb 1.2.2
Ledgersmb Ledgersmb 1.2.3
Ledgersmb Ledgersmb 1.2.4
Ledgersmb Ledgersmb 1.2.5
7.5
CVSSv2
CVE-2006-5589
Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm....
Ledgersmb Ledgersmb 1.0.0
Ledgersmb Ledgersmb
9
CVSSv2
CVE-2007-1437
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from...
Ledgersmb Ledgersmb 1.0.0
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb 1.1.0
Ledgersmb Ledgersmb 1.1.1
4
CVSSv2
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the...
Ledgersmb Ledgersmb 1.8.0
1 Github repository available
4.3
CVSSv2
CVE-2007-1540
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this...
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
1 EDB exploit available
10
CVSSv2
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting...
Sql-ledger Sql-ledger 2.6.25
Ledgersmb Ledgersmb
7.5
CVSSv2
CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests....
Dws Systems Inc. Sql-ledger
Ledgersmb Ledgersmb
6.8
CVSSv2
CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv2
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions....
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
7.5
CVSSv2
CVE-2018-9246
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore()...
Pgobject-util-dbadmin Project Pgobject-util-dbadmin
Ledgersmb Ledgersmb
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-41831
arbitrary code
LFI
CVE-2023-1536
CVE-2023-0175
XML external entity
CVE-2023-1515
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »