ledgersmb ledgersmb vulnerabilities and exploits

(subscribe to this query)

10

CVSSv2

Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter...

Ledgersmb Ledgersmb 1.2.6 Ledgersmb Ledgersmb 1.2.0 Ledgersmb Ledgersmb 1.2.1 Ledgersmb Ledgersmb 1.2.2 Ledgersmb Ledgersmb 1.2.3 Ledgersmb Ledgersmb 1.2.4 Ledgersmb Ledgersmb 1.2.5

7.5

CVSSv2

Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm....

Ledgersmb Ledgersmb 1.0.0 Ledgersmb Ledgersmb

9

CVSSv2

Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from...

Ledgersmb Ledgersmb 1.0.0 Sql-ledger Sql-ledger Ledgersmb Ledgersmb 1.1.0 Ledgersmb Ledgersmb 1.1.1

4

CVSSv2

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the...

Ledgersmb Ledgersmb 1.8.0

6.8

CVSSv2

LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....

Ledgersmb Ledgersmb Debian Debian Linux 10.0 Debian Debian Linux 11.0

4.3

CVSSv2

LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targetted user to execute unintended actions....

Ledgersmb Ledgersmb Debian Debian Linux 10.0 Debian Debian Linux 11.0

4.3

CVSSv2

Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this...

Sql-ledger Sql-ledger Ledgersmb Ledgersmb1 EDB exploit available

7.5

CVSSv2

(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests....

Dws Systems Inc. Sql-ledger Ledgersmb Ledgersmb

10

CVSSv2

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting...

Sql-ledger Sql-ledger 2.6.25 Ledgersmb Ledgersmb

7.5

CVSSv2

The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore()...

Pgobject-util-dbadmin Project Pgobject-util-dbadmin Ledgersmb Ledgersmb

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook