Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Ledgersmb
(Ledgersmb)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-06-07 | CVE-2018-9246 | The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or escapes variable values used as part of shell command execution, resulting in shell code injection via the create(), run_file(), backup(), or restore() function. The vulnerability allows unauthorized users to execute code with the same privileges as the running application. | Ledgersmb, Pgobject\-Util\-Dbadmin | 9.8 | ||
| 2007-10-11 | CVE-2007-5372 | Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. | Sql\-Ledger, Ledgersmb | N/A | ||
| 2007-07-19 | CVE-2007-3907 | Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action. | Ledgersmb | N/A | ||
| 2007-03-13 | CVE-2007-1437 | Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | Ledgersmb, Sql\-Ledger | N/A | ||
| 2007-03-13 | CVE-2007-1436 | Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevents a password check from occurring. | Ledgersmb, Sql\-Ledger | N/A | ||
| 2007-03-07 | CVE-2007-1329 | Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences. | Ledgersmb, Sql\-Ledger | N/A | ||
| 2007-02-02 | CVE-2007-0667 | The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872. | Ledgersmb, Sql\-Ledger | N/A | ||
| 2006-10-27 | CVE-2006-5589 | Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm. | Ledgersmb | N/A |