ledgersmb ledgersmb vulnerabilities and exploits
9.8
CVSSv3
CVE-2018-9246
The PGObject::Util::DBAdmin module prior to 0.120.0 for Perl, as used in LedgerSMB up to and including 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or ...
Pgobject-util-dbadmin Project Pgobject-util-dbadmin
Ledgersmb Ledgersmb
9.6
CVSSv3
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.6
CVSSv3
CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.7
CVSSv3
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows a malicious user to trick a targeted user into executing unintended actions.
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2007-5372
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 up to and including 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote malicious users to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Dws Systems Inc. Sql-ledger 2.2.7
Dws Systems Inc. Sql-ledger 2.4.0
Dws Systems Inc. Sql-ledger 2.4.15
Dws Systems Inc. Sql-ledger 2.4.16
Dws Systems Inc. Sql-ledger 2.4.8
Dws Systems Inc. Sql-ledger 2.4.9
Dws Systems Inc. Sql-ledger 2.6.16
Dws Systems Inc. Sql-ledger 2.6.17
Dws Systems Inc. Sql-ledger 2.6.6
Dws Systems Inc. Sql-ledger 2.6.7
Ledgersmb Ledgersmb 1.1.8
Ledgersmb Ledgersmb 1.2.0
Dws Systems Inc. Sql-ledger 2.2.0
Dws Systems Inc. Sql-ledger 2.2.1
Dws Systems Inc. Sql-ledger 2.4.1
Dws Systems Inc. Sql-ledger 2.4.10
Dws Systems Inc. Sql-ledger 2.4.2
Dws Systems Inc. Sql-ledger 2.4.3
Dws Systems Inc. Sql-ledger 2.6.1
Dws Systems Inc. Sql-ledger 2.6.10
Dws Systems Inc. Sql-ledger 2.6.18
Dws Systems Inc. Sql-ledger 2.6.2
NA
CVE-2007-1436
Unspecified vulnerability in admin.pl in SQL-Ledger prior to 2.6.26 and LedgerSMB prior to 1.1.9 allows remote malicious users to bypass authentication via unknown vectors that prevent a password check from occurring.
Sql-ledger Sql-ledger 2.4.10
Sql-ledger Sql-ledger 2.4.11
Sql-ledger Sql-ledger 2.4.6
Sql-ledger Sql-ledger 2.4.7
Sql-ledger Sql-ledger 2.6.12
Sql-ledger Sql-ledger 2.6.13
Sql-ledger Sql-ledger 2.6.2
Sql-ledger Sql-ledger 2.6.21
Ledgersmb Ledgersmb
Sql-ledger Sql-ledger
Sql-ledger Sql-ledger 2.4.12
Sql-ledger Sql-ledger 2.4.13
Sql-ledger Sql-ledger 2.4.8
Sql-ledger Sql-ledger 2.4.9
Sql-ledger Sql-ledger 2.6.14
Sql-ledger Sql-ledger 2.6.15
Sql-ledger Sql-ledger 2.6.3
Sql-ledger Sql-ledger 2.6.4
Sql-ledger Sql-ledger 2.6.5
Ledgersmb Ledgersmb 1.1.1
Ledgersmb Ledgersmb 1.1.5
Sql-ledger Sql-ledger 2.4.4
NA
CVE-2007-0667
The redirect function in Form.pm for (1) LedgerSMB prior to 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872.
Sql-ledger Sql-ledger 2.6.19
Sql-ledger Sql-ledger 2.6.21
Sql-ledger Sql-ledger 2.6.25
Ledgersmb Ledgersmb
Sql-ledger Sql-ledger 2.6.17
Sql-ledger Sql-ledger 2.6.18
Sql-ledger Sql-ledger 2.4.7
NA
CVE-2006-4731
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger prior to 2.6.19 and (b) LedgerSMB prior to 1.0.0p1 allow remote malicious users to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash...
Dws Systems Inc. Sql-ledger 2.6.14
Dws Systems Inc. Sql-ledger 2.4.10
Dws Systems Inc. Sql-ledger 2.4.7
Dws Systems Inc. Sql-ledger 2.2.3
Dws Systems Inc. Sql-ledger 2.6.12
Dws Systems Inc. Sql-ledger 2.2.5
Dws Systems Inc. Sql-ledger 2.4.6
Dws Systems Inc. Sql-ledger 2.6.15
Dws Systems Inc. Sql-ledger 2.6.6
Dws Systems Inc. Sql-ledger 2.6.3
Dws Systems Inc. Sql-ledger 2.4.12
Dws Systems Inc. Sql-ledger 2.6.13
Dws Systems Inc. Sql-ledger 2.4.14
Dws Systems Inc. Sql-ledger 2.6.1
Dws Systems Inc. Sql-ledger 2.6.16
Dws Systems Inc. Sql-ledger 2.2.0
Dws Systems Inc. Sql-ledger 2.6.11
Dws Systems Inc. Sql-ledger 2.2.6
Dws Systems Inc. Sql-ledger 2.4.13
Dws Systems Inc. Sql-ledger 2.4.5
Dws Systems Inc. Sql-ledger 2.4.11
Dws Systems Inc. Sql-ledger 2.6.18
1 EDB exploit
NA
CVE-2006-5872
login.pl in SQL-Ledger prior to 2.6.21 and LedgerSMB prior to 1.1.5 allows remote malicious users to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
Dws Systems Inc. Sql-ledger 2.6.27
NA
CVE-2006-4244
SQL-Ledger 2.4.4 up to and including 2.6.17 authenticates users by verifying that the value of the sql-ledger-[username] cookie matches the value of the sessionid parameter, which allows remote malicious users to gain access as any logged-in user by setting the cookie and the par...
Sql-ledger Sql-ledger 2.6.16
Sql-ledger Sql-ledger 2.4.5
Sql-ledger Sql-ledger 2.6.6
Sql-ledger Sql-ledger 2.6.11
Sql-ledger Sql-ledger 2.4.7
Sql-ledger Sql-ledger 2.6.1
Sql-ledger Sql-ledger 2.6.15
Sql-ledger Sql-ledger 2.4.8
Sql-ledger Sql-ledger 2.6.9
Sql-ledger Sql-ledger 2.6.0
Sql-ledger Sql-ledger 2.6.12
Sql-ledger Sql-ledger 2.6.3
Sql-ledger Sql-ledger 2.4.9
Sql-ledger Sql-ledger 2.6.17
Sql-ledger Sql-ledger 2.4.4
Sql-ledger Sql-ledger 2.6.14
Sql-ledger Sql-ledger 2.4.6
Sql-ledger Sql-ledger 2.4.10
Sql-ledger Sql-ledger 2.4.13
Sql-ledger Sql-ledger 2.6.4
Sql-ledger Sql-ledger 2.4.16
Sql-ledger Sql-ledger 2.6.7