
    14 vulnerabilities found for sql-ledger by dws_systems_inc.

    CVE-2008-4078 (GCVE-0-2008-4078)

    Vulnerability from nvd – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978 x_refsource_CONFIRM
    http://secunia.com/advisories/31843 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilities/45034 vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/31109 vdb-entry, x_refsource_BID
    http://www.securityfocus.com/archive/1/496181/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://securityreason.com/securityalert/4250 third-party-advisory, x_refsource_SREASON
    Date Public
    2008-09-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
              },
              {
                "name": "31843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31843"
              },
              {
                "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
              },
              {
                "name": "31109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31109"
              },
              {
                "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
              },
              {
                "name": "4250",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
            },
            {
              "name": "31843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31843"
            },
            {
              "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
            },
            {
              "name": "31109",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31109"
            },
            {
              "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
            },
            {
              "name": "4250",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4250"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4078",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
                },
                {
                  "name": "31843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31843"
                },
                {
                  "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
                },
                {
                  "name": "31109",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31109"
                },
                {
                  "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
                },
                {
                  "name": "4250",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4250"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4078",
        "datePublished": "2008-09-15T15:00:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4077 (GCVE-0-2008-4077)

    Vulnerability from nvd – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
    VLAI
    Summary
    The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/31843 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/31109 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilities/45033 vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/496181/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://www.ledgersmb.org/node/70 x_refsource_CONFIRM
    http://securityreason.com/securityalert/4250 third-party-advisory, x_refsource_SREASON
    Date Public
    2008-09-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31843"
              },
              {
                "name": "31109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31109"
              },
              {
                "name": "ledgersmb-contentlength-dos(45033)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
              },
              {
                "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ledgersmb.org/node/70"
              },
              {
                "name": "4250",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31843"
            },
            {
              "name": "31109",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31109"
            },
            {
              "name": "ledgersmb-contentlength-dos(45033)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
            },
            {
              "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ledgersmb.org/node/70"
            },
            {
              "name": "4250",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4250"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4077",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31843"
                },
                {
                  "name": "31109",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31109"
                },
                {
                  "name": "ledgersmb-contentlength-dos(45033)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
                },
                {
                  "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
                },
                {
                  "name": "http://www.ledgersmb.org/node/70",
                  "refsource": "CONFIRM",
                  "url": "http://www.ledgersmb.org/node/70"
                },
                {
                  "name": "4250",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4250"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4077",
        "datePublished": "2008-09-15T15:00:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5372 (GCVE-0-2007-5372)

    Vulnerability from nvd – Published: 2007-10-11 10:00 – Updated: 2024-08-07 15:31
    VLAI
    Summary
    Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/27159 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilities/37032 vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/481866/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    http://osvdb.org/37865 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilities/37033 vdb-entry, x_refsource_XF
    http://www.vupen.com/english/advisories/2007/3453 vdb-entry, x_refsource_VUPEN
    http://securityreason.com/securityalert/3209 third-party-advisory, x_refsource_SREASON
    http://www.securityfocus.com/bid/25979 vdb-entry, x_refsource_BID
    http://osvdb.org/37866 vdb-entry, x_refsource_OSVDB
    http://www.ledgersmb.org/node/54 x_refsource_CONFIRM
    http://secunia.com/advisories/27171 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2007-10-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:31:57.153Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27159",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27159"
              },
              {
                "name": "ledgersmb-unspecified-sql-injection(37032)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
              },
              {
                "name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
              },
              {
                "name": "37865",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37865"
              },
              {
                "name": "sqlledger-unspecified-sql-injection(37033)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
              },
              {
                "name": "ADV-2007-3453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3453"
              },
              {
                "name": "3209",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3209"
              },
              {
                "name": "25979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25979"
              },
              {
                "name": "37866",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37866"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ledgersmb.org/node/54"
              },
              {
                "name": "27171",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27159",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27159"
            },
            {
              "name": "ledgersmb-unspecified-sql-injection(37032)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
            },
            {
              "name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
            },
            {
              "name": "37865",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37865"
            },
            {
              "name": "sqlledger-unspecified-sql-injection(37033)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
            },
            {
              "name": "ADV-2007-3453",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3453"
            },
            {
              "name": "3209",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3209"
            },
            {
              "name": "25979",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25979"
            },
            {
              "name": "37866",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37866"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ledgersmb.org/node/54"
            },
            {
              "name": "27171",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27159",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27159"
                },
                {
                  "name": "ledgersmb-unspecified-sql-injection(37032)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
                },
                {
                  "name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
                },
                {
                  "name": "37865",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37865"
                },
                {
                  "name": "sqlledger-unspecified-sql-injection(37033)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
                },
                {
                  "name": "ADV-2007-3453",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3453"
                },
                {
                  "name": "3209",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3209"
                },
                {
                  "name": "25979",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25979"
                },
                {
                  "name": "37866",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37866"
                },
                {
                  "name": "http://www.ledgersmb.org/node/54",
                  "refsource": "CONFIRM",
                  "url": "http://www.ledgersmb.org/node/54"
                },
                {
                  "name": "27171",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5372",
        "datePublished": "2007-10-11T10:00:00.000Z",
        "dateReserved": "2007-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:31:57.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1923 (GCVE-0-2007-1923)

    Vulnerability from nvd – Published: 2007-04-10 00:00 – Updated: 2024-08-07 13:13
    Summary
    (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-04-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38218",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38218"
              },
              {
                "name": "sqlledger-acl-weak-security(33494)",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
              },
              {
                "name": "2552",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2552"
              },
              {
                "name": "38217",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38217"
              },
              {
                "name": "23352",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23352"
              },
              {
                "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T04:58:55.612Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38218",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://osvdb.org/38218"
            },
            {
              "name": "sqlledger-acl-weak-security(33494)",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
            },
            {
              "name": "2552",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://securityreason.com/securityalert/2552"
            },
            {
              "name": "38217",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://osvdb.org/38217"
            },
            {
              "name": "23352",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/23352"
            },
            {
              "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
            },
            {
              "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1923",
        "datePublished": "2007-04-10T00:00:00.000Z",
        "dateReserved": "2007-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5872 (GCVE-0-2006-5872)

    Vulnerability from nvd – Published: 2006-12-18 00:00 – Updated: 2024-08-07 20:04
    Summary
    login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1017391 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/bid/21634 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/23375 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23419 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/5043 vdb-entry, x_refsource_VUPEN
    http://www.debian.org/security/2006/dsa-1239 vendor-advisory, x_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2007/0407 vdb-entry, x_refsource_VUPEN
    http://www.securityfocus.com/archive/1/458300/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    Date Public
    2006-12-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1017391",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017391"
              },
              {
                "name": "21634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21634"
              },
              {
                "name": "23375",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23375"
              },
              {
                "name": "23419",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23419"
              },
              {
                "name": "ADV-2006-5043",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/5043"
              },
              {
                "name": "DSA-1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1239"
              },
              {
                "name": "ADV-2007-0407",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0407"
              },
              {
                "name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1017391",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017391"
            },
            {
              "name": "21634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21634"
            },
            {
              "name": "23375",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23375"
            },
            {
              "name": "23419",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23419"
            },
            {
              "name": "ADV-2006-5043",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/5043"
            },
            {
              "name": "DSA-1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1239"
            },
            {
              "name": "ADV-2007-0407",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0407"
            },
            {
              "name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5872",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1017391",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017391"
                },
                {
                  "name": "21634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21634"
                },
                {
                  "name": "23375",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23375"
                },
                {
                  "name": "23419",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23419"
                },
                {
                  "name": "ADV-2006-5043",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/5043"
                },
                {
                  "name": "DSA-1239",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1239"
                },
                {
                  "name": "ADV-2007-0407",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0407"
                },
                {
                  "name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5872",
        "datePublished": "2006-12-18T00:00:00.000Z",
        "dateReserved": "2006-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4798 (GCVE-0-2006-4798)

    Vulnerability from nvd – Published: 2006-09-14 21:00 – Updated: 2024-08-07 19:23
    Summary
    SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/28671 vdb-entry, x_refsource_XF
    http://securityreason.com/securityalert/1579 third-party-advisory, x_refsource_SREASON
    http://www.securityfocus.com/archive/1/445512 mailing-list, x_refsource_BUGTRAQ
    Date Public
    2006-09-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "sql-ledger-session-unauth-access(28671)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
              },
              {
                "name": "1579",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1579"
              },
              {
                "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/445512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "sql-ledger-session-unauth-access(28671)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
            },
            {
              "name": "1579",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1579"
            },
            {
              "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/445512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4798",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "sql-ledger-session-unauth-access(28671)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
                },
                {
                  "name": "1579",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1579"
                },
                {
                  "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/445512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4798",
        "datePublished": "2006-09-14T21:00:00.000Z",
        "dateReserved": "2006-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4731 (GCVE-0-2006-4731)

    Vulnerability from nvd – Published: 2006-09-13 00:00 – Updated: 2024-08-07 19:23
    Summary
    Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-09-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:40.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19960",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19960"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
              },
              {
                "name": "1553",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1553"
              },
              {
                "name": "21886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21886"
              },
              {
                "name": "ADV-2006-3555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3555"
              },
              {
                "name": "sqlledger-ledgersmb-terminal-file-include(28885)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
              },
              {
                "name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
              },
              {
                "name": "ADV-2006-3554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3554"
              },
              {
                "name": "21824",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21824"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19960",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19960"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
            },
            {
              "name": "1553",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1553"
            },
            {
              "name": "21886",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21886"
            },
            {
              "name": "ADV-2006-3555",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3555"
            },
            {
              "name": "sqlledger-ledgersmb-terminal-file-include(28885)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
            },
            {
              "name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
            },
            {
              "name": "ADV-2006-3554",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3554"
            },
            {
              "name": "21824",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21824"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4731",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19960",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19960"
                },
                {
                  "name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
                  "refsource": "CONFIRM",
                  "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
                },
                {
                  "name": "1553",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1553"
                },
                {
                  "name": "21886",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21886"
                },
                {
                  "name": "ADV-2006-3555",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3555"
                },
                {
                  "name": "sqlledger-ledgersmb-terminal-file-include(28885)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
                },
                {
                  "name": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69",
                  "refsource": "MISC",
                  "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
                },
                {
                  "name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
                },
                {
                  "name": "ADV-2006-3554",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3554"
                },
                {
                  "name": "21824",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21824"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4731",
        "datePublished": "2006-09-13T00:00:00.000Z",
        "dateReserved": "2006-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:40.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4077 (GCVE-0-2008-4077)

    Vulnerability from cvelistv5 – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
    Summary
    The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/31843 third-party-advisory, x_refsource_SECUNIA
    http://www.securityfocus.com/bid/31109 vdb-entry, x_refsource_BID
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/496181/100… mailing-list, x_refsource_BUGTRAQ
    http://www.ledgersmb.org/node/70 x_refsource_CONFIRM
    http://securityreason.com/securityalert/4250 third-party-advisory, x_refsource_SREASON
    Date Public
    2008-09-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31843"
              },
              {
                "name": "31109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31109"
              },
              {
                "name": "ledgersmb-contentlength-dos(45033)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
              },
              {
                "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ledgersmb.org/node/70"
              },
              {
                "name": "4250",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31843"
            },
            {
              "name": "31109",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31109"
            },
            {
              "name": "ledgersmb-contentlength-dos(45033)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
            },
            {
              "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ledgersmb.org/node/70"
            },
            {
              "name": "4250",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4250"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4077",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31843"
                },
                {
                  "name": "31109",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31109"
                },
                {
                  "name": "ledgersmb-contentlength-dos(45033)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
                },
                {
                  "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
                },
                {
                  "name": "http://www.ledgersmb.org/node/70",
                  "refsource": "CONFIRM",
                  "url": "http://www.ledgersmb.org/node/70"
                },
                {
                  "name": "4250",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4250"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4077",
        "datePublished": "2008-09-15T15:00:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4078 (GCVE-0-2008-4078)

    Vulnerability from cvelistv5 – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
    Summary
    SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://sourceforge.net/project/shownotes.php?grou… x_refsource_CONFIRM
    http://secunia.com/advisories/31843 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/bid/31109 vdb-entry, x_refsource_BID
    http://www.securityfocus.com/archive/1/496181/100… mailing-list, x_refsource_BUGTRAQ
    http://securityreason.com/securityalert/4250 third-party-advisory, x_refsource_SREASON
    Date Public
    2008-09-10 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:00:42.806Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
              },
              {
                "name": "31843",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/31843"
              },
              {
                "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
              },
              {
                "name": "31109",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31109"
              },
              {
                "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
              },
              {
                "name": "4250",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/4250"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-11T19:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
            },
            {
              "name": "31843",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/31843"
            },
            {
              "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
            },
            {
              "name": "31109",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31109"
            },
            {
              "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
            },
            {
              "name": "4250",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/4250"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4078",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
                },
                {
                  "name": "31843",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/31843"
                },
                {
                  "name": "ledgersmb-aptransactionreport-sql-injection(45034)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
                },
                {
                  "name": "31109",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31109"
                },
                {
                  "name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
                },
                {
                  "name": "4250",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/4250"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4078",
        "datePublished": "2008-09-15T15:00:00.000Z",
        "dateReserved": "2008-09-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:00:42.806Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-5372 (GCVE-0-2007-5372)

    Vulnerability from cvelistv5 – Published: 2007-10-11 10:00 – Updated: 2024-08-07 15:31
    Summary
    Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://secunia.com/advisories/27159 third-party-advisory, x_refsource_SECUNIA
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.securityfocus.com/archive/1/481866/100… mailing-list, x_refsource_BUGTRAQ
    http://osvdb.org/37865 vdb-entry, x_refsource_OSVDB
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entry, x_refsource_XF
    http://www.vupen.com/english/advisories/2007/3453 vdb-entry, x_refsource_VUPEN
    http://securityreason.com/securityalert/3209 third-party-advisory, x_refsource_SREASON
    http://www.securityfocus.com/bid/25979 vdb-entry, x_refsource_BID
    http://osvdb.org/37866 vdb-entry, x_refsource_OSVDB
    http://www.ledgersmb.org/node/54 x_refsource_CONFIRM
    http://secunia.com/advisories/27171 third-party-advisory, x_refsource_SECUNIA
    Date Public
    2007-10-09 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T15:31:57.153Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "27159",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27159"
              },
              {
                "name": "ledgersmb-unspecified-sql-injection(37032)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
              },
              {
                "name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
              },
              {
                "name": "37865",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37865"
              },
              {
                "name": "sqlledger-unspecified-sql-injection(37033)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
              },
              {
                "name": "ADV-2007-3453",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/3453"
              },
              {
                "name": "3209",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/3209"
              },
              {
                "name": "25979",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/25979"
              },
              {
                "name": "37866",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/37866"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.ledgersmb.org/node/54"
              },
              {
                "name": "27171",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/27171"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-10-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-15T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "27159",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27159"
            },
            {
              "name": "ledgersmb-unspecified-sql-injection(37032)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
            },
            {
              "name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
            },
            {
              "name": "37865",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37865"
            },
            {
              "name": "sqlledger-unspecified-sql-injection(37033)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
            },
            {
              "name": "ADV-2007-3453",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/3453"
            },
            {
              "name": "3209",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/3209"
            },
            {
              "name": "25979",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/25979"
            },
            {
              "name": "37866",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://osvdb.org/37866"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.ledgersmb.org/node/54"
            },
            {
              "name": "27171",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/27171"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2007-5372",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "27159",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27159"
                },
                {
                  "name": "ledgersmb-unspecified-sql-injection(37032)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
                },
                {
                  "name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
                },
                {
                  "name": "37865",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37865"
                },
                {
                  "name": "sqlledger-unspecified-sql-injection(37033)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
                },
                {
                  "name": "ADV-2007-3453",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/3453"
                },
                {
                  "name": "3209",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/3209"
                },
                {
                  "name": "25979",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/25979"
                },
                {
                  "name": "37866",
                  "refsource": "OSVDB",
                  "url": "http://osvdb.org/37866"
                },
                {
                  "name": "http://www.ledgersmb.org/node/54",
                  "refsource": "CONFIRM",
                  "url": "http://www.ledgersmb.org/node/54"
                },
                {
                  "name": "27171",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/27171"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-5372",
        "datePublished": "2007-10-11T10:00:00.000Z",
        "dateReserved": "2007-10-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T15:31:57.153Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2007-1923 (GCVE-0-2007-1923)

    Vulnerability from cvelistv5 – Published: 2007-04-10 00:00 – Updated: 2024-08-07 13:13
    Summary
    (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2007-04-06 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T13:13:41.559Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38218",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38218"
              },
              {
                "name": "sqlledger-acl-weak-security(33494)",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
              },
              {
                "name": "2552",
                "tags": [
                  "third-party-advisory",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/2552"
              },
              {
                "name": "38217",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://osvdb.org/38217"
              },
              {
                "name": "23352",
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/23352"
              },
              {
                "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2007-04-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-25T04:58:55.612Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38218",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://osvdb.org/38218"
            },
            {
              "name": "sqlledger-acl-weak-security(33494)",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
            },
            {
              "name": "2552",
              "tags": [
                "third-party-advisory"
              ],
              "url": "http://securityreason.com/securityalert/2552"
            },
            {
              "name": "38217",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://osvdb.org/38217"
            },
            {
              "name": "23352",
              "tags": [
                "vdb-entry"
              ],
              "url": "http://www.securityfocus.com/bid/23352"
            },
            {
              "name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
              "tags": [
                "mailing-list"
              ],
              "url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
            },
            {
              "url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2007-1923",
        "datePublished": "2007-04-10T00:00:00.000Z",
        "dateReserved": "2007-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-07T13:13:41.559Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-5872 (GCVE-0-2006-5872)

    Vulnerability from cvelistv5 – Published: 2006-12-18 00:00 – Updated: 2024-08-07 20:04
    Summary
    login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://securitytracker.com/id?1017391 vdb-entry, x_refsource_SECTRACK
    http://www.securityfocus.com/bid/21634 vdb-entry, x_refsource_BID
    http://secunia.com/advisories/23375 third-party-advisory, x_refsource_SECUNIA
    http://secunia.com/advisories/23419 third-party-advisory, x_refsource_SECUNIA
    http://www.vupen.com/english/advisories/2006/5043 vdb-entry, x_refsource_VUPEN
    http://www.debian.org/security/2006/dsa-1239 vendor-advisory, x_refsource_DEBIAN
    http://www.vupen.com/english/advisories/2007/0407 vdb-entry, x_refsource_VUPEN
    http://www.securityfocus.com/archive/1/458300/100/0/threaded mailing-list, x_refsource_BUGTRAQ
    Date Public
    2006-12-17 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:04:55.662Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "1017391",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1017391"
              },
              {
                "name": "21634",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/21634"
              },
              {
                "name": "23375",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23375"
              },
              {
                "name": "23419",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/23419"
              },
              {
                "name": "ADV-2006-5043",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/5043"
              },
              {
                "name": "DSA-1239",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2006/dsa-1239"
              },
              {
                "name": "ADV-2007-0407",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2007/0407"
              },
              {
                "name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-12-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "1017391",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1017391"
            },
            {
              "name": "21634",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/21634"
            },
            {
              "name": "23375",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23375"
            },
            {
              "name": "23419",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/23419"
            },
            {
              "name": "ADV-2006-5043",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/5043"
            },
            {
              "name": "DSA-1239",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2006/dsa-1239"
            },
            {
              "name": "ADV-2007-0407",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2007/0407"
            },
            {
              "name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-5872",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "1017391",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1017391"
                },
                {
                  "name": "21634",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/21634"
                },
                {
                  "name": "23375",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23375"
                },
                {
                  "name": "23419",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/23419"
                },
                {
                  "name": "ADV-2006-5043",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/5043"
                },
                {
                  "name": "DSA-1239",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2006/dsa-1239"
                },
                {
                  "name": "ADV-2007-0407",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2007/0407"
                },
                {
                  "name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-5872",
        "datePublished": "2006-12-18T00:00:00.000Z",
        "dateReserved": "2006-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:04:55.662Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4798 (GCVE-0-2006-4798)

    Vulnerability from cvelistv5 – Published: 2006-09-14 21:00 – Updated: 2024-08-07 19:23
    Summary
    SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilities/28671 vdb-entry, x_refsource_XF
    http://securityreason.com/securityalert/1579 third-party-advisory, x_refsource_SREASON
    http://www.securityfocus.com/archive/1/445512 mailing-list, x_refsource_BUGTRAQ
    Date Public
    2006-09-07 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:41.231Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "sql-ledger-session-unauth-access(28671)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
              },
              {
                "name": "1579",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1579"
              },
              {
                "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/445512"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-07T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-19T15:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "sql-ledger-session-unauth-access(28671)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
            },
            {
              "name": "1579",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1579"
            },
            {
              "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/445512"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4798",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "sql-ledger-session-unauth-access(28671)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
                },
                {
                  "name": "1579",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1579"
                },
                {
                  "name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/445512"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4798",
        "datePublished": "2006-09-14T21:00:00.000Z",
        "dateReserved": "2006-09-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:41.231Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-4731 (GCVE-0-2006-4731)

    Vulnerability from cvelistv5 – Published: 2006-09-13 00:00 – Updated: 2024-08-07 19:23
    Summary
    Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-09-11 00:00

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T19:23:40.501Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "19960",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/19960"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
              },
              {
                "name": "1553",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SREASON",
                  "x_transferred"
                ],
                "url": "http://securityreason.com/securityalert/1553"
              },
              {
                "name": "21886",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21886"
              },
              {
                "name": "ADV-2006-3555",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3555"
              },
              {
                "name": "sqlledger-ledgersmb-terminal-file-include(28885)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
              },
              {
                "name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
              },
              {
                "name": "ADV-2006-3554",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/3554"
              },
              {
                "name": "21824",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/21824"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-09-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-17T20:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "19960",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/19960"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
            },
            {
              "name": "1553",
              "tags": [
                "third-party-advisory",
                "x_refsource_SREASON"
              ],
              "url": "http://securityreason.com/securityalert/1553"
            },
            {
              "name": "21886",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21886"
            },
            {
              "name": "ADV-2006-3555",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3555"
            },
            {
              "name": "sqlledger-ledgersmb-terminal-file-include(28885)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
            },
            {
              "name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
            },
            {
              "name": "ADV-2006-3554",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/3554"
            },
            {
              "name": "21824",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/21824"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-4731",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "19960",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/19960"
                },
                {
                  "name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
                  "refsource": "CONFIRM",
                  "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
                },
                {
                  "name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778",
                  "refsource": "CONFIRM",
                  "url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
                },
                {
                  "name": "1553",
                  "refsource": "SREASON",
                  "url": "http://securityreason.com/securityalert/1553"
                },
                {
                  "name": "21886",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21886"
                },
                {
                  "name": "ADV-2006-3555",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3555"
                },
                {
                  "name": "sqlledger-ledgersmb-terminal-file-include(28885)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
                },
                {
                  "name": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69",
                  "refsource": "MISC",
                  "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
                },
                {
                  "name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
                },
                {
                  "name": "ADV-2006-3554",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/3554"
                },
                {
                  "name": "21824",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/21824"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-4731",
        "datePublished": "2006-09-13T00:00:00.000Z",
        "dateReserved": "2006-09-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T19:23:40.501Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }