Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ledgersmb ledgersmb vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2024-23831
LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. Th...
Ledgersmb Ledgersmb
6.8
CVSSv3
CVE-2021-3882
LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. By tricking a user to use an unencrypted connection (HTTP), an attacker may be able to obtain the authenticat...
Ledgersmb Ledgersmb
9.6
CVSSv3
CVE-2021-3693
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.6
CVSSv3
CVE-2021-3694
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure.
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.7
CVSSv3
CVE-2021-3731
LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allows an malicious user to trick a targetted user to execute unintended actions.
Ledgersmb Ledgersmb
Debian Debian Linux 10.0
Debian Debian Linux 11.0
9.8
CVSSv3
CVE-2018-9246
The PGObject::Util::DBAdmin module prior to 0.120.0 for Perl, as used in LedgerSMB up to and including 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or ...
Pgobject-util-dbadmin Project Pgobject-util-dbadmin
Ledgersmb Ledgersmb
NA
CVE-2008-4077
The CGI scripts in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allow remote malicious users to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
NA
CVE-2008-4078
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) prior to 1.2.15 and (2) SQL-Ledger 2.8.17 and previous versions allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Sql-ledger Sql-ledger
Ledgersmb Ledgersmb
NA
CVE-2007-5372
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 up to and including 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote malicious users to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Dws Systems Inc. Sql-ledger 2.2.7
Dws Systems Inc. Sql-ledger 2.4.0
Dws Systems Inc. Sql-ledger 2.4.15
Dws Systems Inc. Sql-ledger 2.4.16
Dws Systems Inc. Sql-ledger 2.4.8
Dws Systems Inc. Sql-ledger 2.4.9
Dws Systems Inc. Sql-ledger 2.6.16
Dws Systems Inc. Sql-ledger 2.6.17
Dws Systems Inc. Sql-ledger 2.6.6
Dws Systems Inc. Sql-ledger 2.6.7
Ledgersmb Ledgersmb 1.1.8
Ledgersmb Ledgersmb 1.2.0
Dws Systems Inc. Sql-ledger 2.2.0
Dws Systems Inc. Sql-ledger 2.2.1
Dws Systems Inc. Sql-ledger 2.4.1
Dws Systems Inc. Sql-ledger 2.4.10
Dws Systems Inc. Sql-ledger 2.4.2
Dws Systems Inc. Sql-ledger 2.4.3
Dws Systems Inc. Sql-ledger 2.6.1
Dws Systems Inc. Sql-ledger 2.6.10
Dws Systems Inc. Sql-ledger 2.6.18
Dws Systems Inc. Sql-ledger 2.6.2
NA
CVE-2007-3907
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 up to and including 1.2.6 allows remote malicious users to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callbac...
Ledgersmb Ledgersmb 1.2.6
Ledgersmb Ledgersmb 1.2.0
Ledgersmb Ledgersmb 1.2.1
Ledgersmb Ledgersmb 1.2.2
Ledgersmb Ledgersmb 1.2.3
Ledgersmb Ledgersmb 1.2.4
Ledgersmb Ledgersmb 1.2.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »