Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ledgersmb ledgersmb vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2007-3907
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 up to and including 1.2.6 allows remote malicious users to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callbac...
Ledgersmb Ledgersmb 1.2.3
Ledgersmb Ledgersmb 1.2.5
Ledgersmb Ledgersmb 1.2.2
Ledgersmb Ledgersmb 1.2.6
Ledgersmb Ledgersmb 1.2.0
Ledgersmb Ledgersmb 1.2.1
Ledgersmb Ledgersmb 1.2.4
NA
CVE-2006-5589
Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and previous versions allow remote malicious users to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.
Ledgersmb Ledgersmb 1.0.0
Ledgersmb Ledgersmb
NA
CVE-2007-1437
Unspecified vulnerability in LedgerSMB prior to 1.1.5 and SQL-Ledger prior to 2.6.25 allows remote malicious users to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns f...
Ledgersmb Ledgersmb 1.1.0
Ledgersmb Ledgersmb 1.0.0
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb 1.1.1
6.8
CVSSv3
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authenticat...
Ledgersmb Ledgersmb
7.5
CVSSv3
CVE-2024-23831
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. Th...
Ledgersmb Ledgersmb
NA
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allow remote malicious users to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
NA
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
NA
CVE-2007-1540
Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and previous versions, and (2) LedgerSMB prior to 1.2.0, allows remote malicious users to run arbitrary executables and bypass authentication via a .. (dot dot) sequence and trailing NULL (%00) in the login param...
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
1 EDB exploit
NA
CVE-2007-1923
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote malicious users to access restricted functionality via direct requests. The LedgerSMB affected versions are prior to 1.3.0.
Ledgersmb Ledgersmb
Sql-ledger Sql-ledger -
NA
CVE-2007-1329
Directory traversal vulnerability in SQL-Ledger, and LedgerSMB prior to 1.1.5, allows remote malicious users to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blackli...
Sql-ledger Sql-ledger 2.6.25
Ledgersmb Ledgersmb
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-9553
CVE-2024-47332
CVE-2024-47360
remote code execution
CVE-2024-45409
CVE-2024-45519
overflow
CVE-2024-47371
stored XSS
Home
/
Search Results
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »