ledgersmb ledgersmb vulnerabilities and exploits
NA
CVE-2007-3907
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter...
Ledgersmb Ledgersmb 1.2.6
Ledgersmb Ledgersmb 1.2.0
Ledgersmb Ledgersmb 1.2.1
Ledgersmb Ledgersmb 1.2.2
Ledgersmb Ledgersmb 1.2.3
Ledgersmb Ledgersmb 1.2.4
Ledgersmb Ledgersmb 1.2.5
NA
CVE-2006-5589
Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm....
Ledgersmb Ledgersmb 1.0.0
Ledgersmb Ledgersmb
NA
CVE-2007-1437
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from...
Ledgersmb Ledgersmb 1.0.0
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb 1.1.0
Ledgersmb Ledgersmb 1.1.1
6.8
CVSSv3
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user into using an unencrypted connection (HTTP), an attacker may be able to obtain the...
Ledgersmb Ledgersmb 1.8.0
NA
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting...
Sql-ledger Sql-ledger 2.6.25
Ledgersmb Ledgersmb
NA
CVE-2007-1540
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login parameter. NOTE: this...
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
1 EDB exploit available
NA
CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0....
Ledgersmb Ledgersmb
Dws Systems Inc. Sql-ledger
9.8
CVSSv3
CVE-2018-9246
The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore()...
Pgobject-util-dbadmin Project Pgobject-util-dbadmin
Ledgersmb Ledgersmb
9.6
CVSSv3
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure....
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.7
CVSSv3
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an attacker to trick a targeted user into executing unintended actions....
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0