ledgersmb

Top products

The 15 most recently published vulnerabilities affecting ledgersmb.

• CVE-2024-23831Privilege escalation through CSRF attack on 'setup.pl'7.5Feb 2, 2024
• CVE-2021-3882Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in ledgersmb/ledgersmb6.8Oct 14, 2021
• CVE-2021-3731Improper Restriction of Rendered UI Layers or Frames in ledgersmb/ledgersmb5.9Aug 23, 2021
• CVE-2021-3694Cross-site Scripting (XSS) - Reflected in ledgersmb/ledgersmb8.2Aug 23, 2021
• CVE-2021-3693Cross-site Scripting (XSS) - DOM in ledgersmb/ledgersmb8.8Aug 23, 2021
• CVE-2018-9246The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resultin...9.8Jun 8, 2018
• CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL co...6.5Sep 15, 2008
• CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a...7.8Sep 15, 2008
• CVE-2007-5372Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity ...10.0Oct 11, 2007
• CVE-2007-3907Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors invo...10.0Jul 19, 2007
• CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direc...7.5Apr 10, 2007
• CVE-2007-1540Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a...4.3Mar 20, 2007
• CVE-2007-1437Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to exe...9.0Mar 13, 2007
• CVE-2007-1436Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from...7.5Mar 13, 2007
• CVE-2007-1329Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjace...10.0Mar 7, 2007