sql-ledger

Top products

The 15 most recently published vulnerabilities affecting sql-ledger.

• CVE-2009-4402The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface.7.5Dec 23, 2009
• CVE-2009-3584SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within ...5.0Dec 23, 2009
• CVE-2009-3583Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field.5.1Dec 23, 2009
• CVE-2009-3582Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters...6.5Dec 23, 2009
• CVE-2009-3581Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Re...3.5Dec 23, 2009
• CVE-2009-3580Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the log...6.8Dec 23, 2009
• CVE-2008-4078SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL co...6.5Sep 15, 2008
• CVE-2008-4077The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a...7.8Sep 15, 2008
• CVE-2007-1923(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direc...7.5Apr 10, 2007
• CVE-2007-1541Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only checks for the presence of a NULL (%00) character to protect against directory traversal attacks, which allows remote attackers ...7.5Mar 20, 2007
• CVE-2007-1540Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remote attackers to run arbitrary executables and bypass authentication via a...4.3Mar 20, 2007
• CVE-2007-1437Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to exe...9.0Mar 13, 2007
• CVE-2007-1436Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from...7.5Mar 13, 2007
• CVE-2007-1329Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjace...10.0Mar 7, 2007
• CVE-2007-0667The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue...6.5Feb 2, 2007