18 vulnerabilities found for sql-ledger by dws_systems_inc.
CVE-2008-4077 (GCVE-0-2008-4077)
Vulnerability from cvelistv5 – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
Summary
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "ledgersmb-contentlength-dos(45033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ledgersmb.org/node/70"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "ledgersmb-contentlength-dos(45033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ledgersmb.org/node/70"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31843"
},
{
"name": "31109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "ledgersmb-contentlength-dos(45033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "http://www.ledgersmb.org/node/70",
"refsource": "CONFIRM",
"url": "http://www.ledgersmb.org/node/70"
},
{
"name": "4250",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4077",
"datePublished": "2008-09-15T15:00:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4078 (GCVE-0-2008-4078)
Vulnerability from cvelistv5 – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
Summary
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
},
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "ledgersmb-aptransactionreport-sql-injection(45034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
},
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "ledgersmb-aptransactionreport-sql-injection(45034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
},
{
"name": "31843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31843"
},
{
"name": "ledgersmb-aptransactionreport-sql-injection(45034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
},
{
"name": "31109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "4250",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4078",
"datePublished": "2008-09-15T15:00:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5372 (GCVE-0-2007-5372)
Vulnerability from cvelistv5 – Published: 2007-10-11 10:00 – Updated: 2024-08-07 15:31
Summary
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:57.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27159"
},
{
"name": "ledgersmb-unspecified-sql-injection(37032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"name": "37865",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37865"
},
{
"name": "sqlledger-unspecified-sql-injection(37033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"name": "ADV-2007-3453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"name": "3209",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3209"
},
{
"name": "25979",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25979"
},
{
"name": "37866",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37866"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ledgersmb.org/node/54"
},
{
"name": "27171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27159"
},
{
"name": "ledgersmb-unspecified-sql-injection(37032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"name": "37865",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37865"
},
{
"name": "sqlledger-unspecified-sql-injection(37033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"name": "ADV-2007-3453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"name": "3209",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3209"
},
{
"name": "25979",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25979"
},
{
"name": "37866",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37866"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ledgersmb.org/node/54"
},
{
"name": "27171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27159"
},
{
"name": "ledgersmb-unspecified-sql-injection(37032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"name": "37865",
"refsource": "OSVDB",
"url": "http://osvdb.org/37865"
},
{
"name": "sqlledger-unspecified-sql-injection(37033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"name": "ADV-2007-3453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"name": "3209",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3209"
},
{
"name": "25979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25979"
},
{
"name": "37866",
"refsource": "OSVDB",
"url": "http://osvdb.org/37866"
},
{
"name": "http://www.ledgersmb.org/node/54",
"refsource": "CONFIRM",
"url": "http://www.ledgersmb.org/node/54"
},
{
"name": "27171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5372",
"datePublished": "2007-10-11T10:00:00",
"dateReserved": "2007-10-10T00:00:00",
"dateUpdated": "2024-08-07T15:31:57.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1923 (GCVE-0-2007-1923)
Vulnerability from cvelistv5 – Published: 2007-04-10 00:00 – Updated: 2024-08-07 13:13
Summary
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38218",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/38218"
},
{
"name": "sqlledger-acl-weak-security(33494)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
},
{
"name": "2552",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2552"
},
{
"name": "38217",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/38217"
},
{
"name": "23352",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23352"
},
{
"name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T04:58:55.612724",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38218",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/38218"
},
{
"name": "sqlledger-acl-weak-security(33494)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
},
{
"name": "2552",
"tags": [
"third-party-advisory"
],
"url": "http://securityreason.com/securityalert/2552"
},
{
"name": "38217",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/38217"
},
{
"name": "23352",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/23352"
},
{
"name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
},
{
"url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1923",
"datePublished": "2007-04-10T00:00:00",
"dateReserved": "2007-04-10T00:00:00",
"dateUpdated": "2024-08-07T13:13:41.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5872 (GCVE-0-2006-5872)
Vulnerability from cvelistv5 – Published: 2006-12-18 00:00 – Updated: 2024-08-07 20:04
Summary
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017391",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017391"
},
{
"name": "21634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21634"
},
{
"name": "23375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23375"
},
{
"name": "23419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23419"
},
{
"name": "ADV-2006-5043",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"name": "DSA-1239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"name": "ADV-2007-0407",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017391",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017391"
},
{
"name": "21634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21634"
},
{
"name": "23375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23375"
},
{
"name": "23419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23419"
},
{
"name": "ADV-2006-5043",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"name": "DSA-1239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"name": "ADV-2007-0407",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017391",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017391"
},
{
"name": "21634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21634"
},
{
"name": "23375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23375"
},
{
"name": "23419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23419"
},
{
"name": "ADV-2006-5043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"name": "DSA-1239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"name": "ADV-2007-0407",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5872",
"datePublished": "2006-12-18T00:00:00",
"dateReserved": "2006-11-14T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4798 (GCVE-0-2006-4798)
Vulnerability from cvelistv5 – Published: 2006-09-14 21:00 – Updated: 2024-08-07 19:23
Summary
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sql-ledger-session-unauth-access(28671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "1579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1579"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sql-ledger-session-unauth-access(28671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "1579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1579"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445512"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sql-ledger-session-unauth-access(28671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "1579",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1579"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445512"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4798",
"datePublished": "2006-09-14T21:00:00",
"dateReserved": "2006-09-14T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4731 (GCVE-0-2006-4731)
Vulnerability from cvelistv5 – Published: 2006-09-13 00:00 – Updated: 2024-08-07 19:23
Summary
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19960",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"name": "1553",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1553"
},
{
"name": "21886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21886"
},
{
"name": "ADV-2006-3555",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"name": "sqlledger-ledgersmb-terminal-file-include(28885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"name": "ADV-2006-3554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"name": "21824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19960",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"name": "1553",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1553"
},
{
"name": "21886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21886"
},
{
"name": "ADV-2006-3555",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"name": "sqlledger-ledgersmb-terminal-file-include(28885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"name": "ADV-2006-3554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"name": "21824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19960"
},
{
"name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
"refsource": "CONFIRM",
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"name": "1553",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1553"
},
{
"name": "21886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21886"
},
{
"name": "ADV-2006-3555",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"name": "sqlledger-ledgersmb-terminal-file-include(28885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"name": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69",
"refsource": "MISC",
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"name": "ADV-2006-3554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"name": "21824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4731",
"datePublished": "2006-09-13T00:00:00",
"dateReserved": "2006-09-12T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4077 (GCVE-0-2008-4077)
Vulnerability from nvd – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
Summary
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.863Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "ledgersmb-contentlength-dos(45033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ledgersmb.org/node/70"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "ledgersmb-contentlength-dos(45033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ledgersmb.org/node/70"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31843"
},
{
"name": "31109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "ledgersmb-contentlength-dos(45033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45033"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "http://www.ledgersmb.org/node/70",
"refsource": "CONFIRM",
"url": "http://www.ledgersmb.org/node/70"
},
{
"name": "4250",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4077",
"datePublished": "2008-09-15T15:00:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.863Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4078 (GCVE-0-2008-4078)
Vulnerability from nvd – Published: 2008-09-15 15:00 – Updated: 2024-08-07 10:00
Summary
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:00:42.806Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
},
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "ledgersmb-aptransactionreport-sql-injection(45034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
},
{
"name": "31843",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31843"
},
{
"name": "ledgersmb-aptransactionreport-sql-injection(45034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
},
{
"name": "31109",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "4250",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4250"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=624978"
},
{
"name": "31843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31843"
},
{
"name": "ledgersmb-aptransactionreport-sql-injection(45034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45034"
},
{
"name": "31109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31109"
},
{
"name": "20080910 Multiple Vulnerabilities: LedgerSMB \u003c 1.2.15",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496181/100/0/threaded"
},
{
"name": "4250",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4250"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4078",
"datePublished": "2008-09-15T15:00:00",
"dateReserved": "2008-09-15T00:00:00",
"dateUpdated": "2024-08-07T10:00:42.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5372 (GCVE-0-2007-5372)
Vulnerability from nvd – Published: 2007-10-11 10:00 – Updated: 2024-08-07 15:31
Summary
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:57.153Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27159"
},
{
"name": "ledgersmb-unspecified-sql-injection(37032)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"name": "37865",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37865"
},
{
"name": "sqlledger-unspecified-sql-injection(37033)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"name": "ADV-2007-3453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"name": "3209",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3209"
},
{
"name": "25979",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25979"
},
{
"name": "37866",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37866"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.ledgersmb.org/node/54"
},
{
"name": "27171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/27171"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27159"
},
{
"name": "ledgersmb-unspecified-sql-injection(37032)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"name": "37865",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37865"
},
{
"name": "sqlledger-unspecified-sql-injection(37033)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"name": "ADV-2007-3453",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"name": "3209",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3209"
},
{
"name": "25979",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25979"
},
{
"name": "37866",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37866"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.ledgersmb.org/node/54"
},
{
"name": "27171",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/27171"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27159"
},
{
"name": "ledgersmb-unspecified-sql-injection(37032)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"name": "20071009 LedgerSMB \u003c 1.2.8, SQL-Ledger 2.x Multiple SQL Injection Issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"name": "37865",
"refsource": "OSVDB",
"url": "http://osvdb.org/37865"
},
{
"name": "sqlledger-unspecified-sql-injection(37033)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"name": "ADV-2007-3453",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"name": "3209",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3209"
},
{
"name": "25979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25979"
},
{
"name": "37866",
"refsource": "OSVDB",
"url": "http://osvdb.org/37866"
},
{
"name": "http://www.ledgersmb.org/node/54",
"refsource": "CONFIRM",
"url": "http://www.ledgersmb.org/node/54"
},
{
"name": "27171",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27171"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5372",
"datePublished": "2007-10-11T10:00:00",
"dateReserved": "2007-10-10T00:00:00",
"dateUpdated": "2024-08-07T15:31:57.153Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1923 (GCVE-0-2007-1923)
Vulnerability from nvd – Published: 2007-04-10 00:00 – Updated: 2024-08-07 13:13
Summary
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:41.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38218",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/38218"
},
{
"name": "sqlledger-acl-weak-security(33494)",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
},
{
"name": "2552",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2552"
},
{
"name": "38217",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://osvdb.org/38217"
},
{
"name": "23352",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23352"
},
{
"name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-25T04:58:55.612724",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38218",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/38218"
},
{
"name": "sqlledger-acl-weak-security(33494)",
"tags": [
"vdb-entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33494"
},
{
"name": "2552",
"tags": [
"third-party-advisory"
],
"url": "http://securityreason.com/securityalert/2552"
},
{
"name": "38217",
"tags": [
"vdb-entry"
],
"url": "http://osvdb.org/38217"
},
{
"name": "23352",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/23352"
},
{
"name": "20070406 ACLS ineffective in SQL-Ledger and LedgerSMB",
"tags": [
"mailing-list"
],
"url": "http://www.securityfocus.com/archive/1/464880/100/0/threaded"
},
{
"url": "https://github.com/ledgersmb/LedgerSMB/blob/master/Changelog"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1923",
"datePublished": "2007-04-10T00:00:00",
"dateReserved": "2007-04-10T00:00:00",
"dateUpdated": "2024-08-07T13:13:41.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-5872 (GCVE-0-2006-5872)
Vulnerability from nvd – Published: 2006-12-18 00:00 – Updated: 2024-08-07 20:04
Summary
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.662Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1017391",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017391"
},
{
"name": "21634",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21634"
},
{
"name": "23375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23375"
},
{
"name": "23419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23419"
},
{
"name": "ADV-2006-5043",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"name": "DSA-1239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"name": "ADV-2007-0407",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1017391",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017391"
},
{
"name": "21634",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21634"
},
{
"name": "23375",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23375"
},
{
"name": "23419",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23419"
},
{
"name": "ADV-2006-5043",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"name": "DSA-1239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"name": "ADV-2007-0407",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1017391",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017391"
},
{
"name": "21634",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21634"
},
{
"name": "23375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23375"
},
{
"name": "23419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23419"
},
{
"name": "ADV-2006-5043",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"name": "DSA-1239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"name": "ADV-2007-0407",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"name": "20070127 Full Disclosure: Arbitrary Code Execution in LedgerSMB CVE-2006-5872",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5872",
"datePublished": "2006-12-18T00:00:00",
"dateReserved": "2006-11-14T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4798 (GCVE-0-2006-4798)
Vulnerability from nvd – Published: 2006-09-14 21:00 – Updated: 2024-08-07 19:23
Summary
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:41.231Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "sql-ledger-session-unauth-access(28671)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "1579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1579"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "sql-ledger-session-unauth-access(28671)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "1579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1579"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445512"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sql-ledger-session-unauth-access(28671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"name": "1579",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1579"
},
{
"name": "20060907 Full Disclosure for SQL-Ledger vulnerability CVE-2006-4244",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445512"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4798",
"datePublished": "2006-09-14T21:00:00",
"dateReserved": "2006-09-14T00:00:00",
"dateUpdated": "2024-08-07T19:23:41.231Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4731 (GCVE-0-2006-4731)
Vulnerability from nvd – Published: 2006-09-13 00:00 – Updated: 2024-08-07 19:23
Summary
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:23:40.501Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19960",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/19960"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"name": "1553",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/1553"
},
{
"name": "21886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21886"
},
{
"name": "ADV-2006-3555",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"name": "sqlledger-ledgersmb-terminal-file-include(28885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"name": "ADV-2006-3554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"name": "21824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21824"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19960",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/19960"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"name": "1553",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/1553"
},
{
"name": "21886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21886"
},
{
"name": "ADV-2006-3555",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"name": "sqlledger-ledgersmb-terminal-file-include(28885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"name": "ADV-2006-3554",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"name": "21824",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21824"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19960",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19960"
},
{
"name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New",
"refsource": "CONFIRM",
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What\u0027s%20New"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"name": "1553",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/1553"
},
{
"name": "21886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21886"
},
{
"name": "ADV-2006-3555",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"name": "sqlledger-ledgersmb-terminal-file-include(28885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"name": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69",
"refsource": "MISC",
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"name": "ADV-2006-3554",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"name": "21824",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21824"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4731",
"datePublished": "2006-09-13T00:00:00",
"dateReserved": "2006-09-12T00:00:00",
"dateUpdated": "2024-08-07T19:23:40.501Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2007-5372
Vulnerability from fkie_nvd - Published: 2007-10-11 10:17 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB9C66B-1984-4947-909B-E3F54DF06909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D5853-2982-48B7-B269-481C4144E213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1353122-B4C2-4153-AD4C-9B6D9CD2B2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48CFD8FA-F9E4-48BF-A9BA-9C32153A68BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9C0C77-B7F3-4532-8A5C-6DCFEB449F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83ECB29-1821-4ED3-A9BD-3E4FF4693407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A2DCBE-6D0F-4BE5-8554-31119A33B9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "038721B9-C41E-4F5B-824E-7C0FB45B5C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFD4D31-1454-47DC-BFB5-8BE12F81A055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D208EAF0-B935-4429-A9B6-E5C442DA00C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9A1223-6E76-44C8-A8DF-80A4721DDB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73906EC6-6AED-4E00-B878-E14E145C63C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3142D8-A208-4663-9DE5-E2C850E545DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6E6DF4-7B05-4C37-BF82-E912D768750C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7F2842-997F-4403-8DD0-C5A0D506ADB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EE971DD9-81A9-49F3-B332-C29643325DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "836E17BD-E968-449C-AB48-9226617DAAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C821D81-A9F8-4CA2-8930-603191F88DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC10542-1473-4A25-A0C0-EAA1E8C724D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51AC444F-F1F4-44E1-892E-9D195D04B082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3735244D-DC20-4713-9117-B838E1743A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "40C9F399-BDC3-4635-AFD0-B23C8655327E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "858502CB-8AB6-4FD2-AA98-BB6336CCE1D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "06D0A870-71C4-4E67-9377-EE2B67052DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF31178-1F21-4F04-8BC5-59CE908673D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "034006A3-F6B7-4E41-86E1-FBA11F78BCA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC1EF7F-B2EF-459D-A2A1-EFF90B093E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A763C2E-DBE3-4ECD-9B01-994A8247D60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F52FC67-7F9C-47E1-831F-EE8BB81ADAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1911B88B-2C1B-494C-95B8-47C7FFB6248C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B08FB320-0E34-40B6-9BFA-DD21F65F99E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9DEAD0-E077-4FC9-9BE6-6CD2F2729BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F413591-7937-408E-AD77-67F6BF4E204A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A419EBB7-F076-412A-B6EC-AE6A551F21FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0359C86B-003A-446C-B880-575300B53C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "71E696FB-F432-4022-A868-4151B1DF2517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F272D642-B132-480B-A235-6A990FEF47E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F710BFC3-F5DE-498C-9669-A87F16ADCA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "05ADA7EF-DC67-4830-97C7-EFF14FD2F327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1D594BCB-7FF8-417D-AC6D-B38881A075E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC86CC6-C3E2-497D-8E81-9B10C97AA008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "71C41DD4-4E0C-42A1-9D57-D89BEC35A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D54002D-D37E-4730-A8B9-5164F8426E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B434E7A6-1924-45B9-ADE2-F237B16F87ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCE1BDC-52DF-4555-AB36-3A0AD4DF6EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F92E614-45B3-4744-8CFB-2F4387242B1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E4E199FF-805A-4473-8E15-B712132E0BE8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EEF4DD67-2815-418E-B6C8-F9ABDA1BA6DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "57605020-DF99-4A43-973C-11E86B076360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD7ED5DA-88DB-4E0A-A262-B9F3BC48B4CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D335759B-9C72-4461-976A-35C9A89216A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E62585F-86AB-4CBF-B79D-14EC51DDDBAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B0CBE0F-477A-46BC-AE59-F794861DBDAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC55F2F-AE95-48EF-8A0E-42472755F16F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D1A5301B-B9AE-442F-9792-574B062D3F4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "14C4D433-BE8A-47FF-9FDA-36D532E1AAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:1.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B6343E0-EFE0-4B66-9B38-AC42DB32926B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en (a) LedgerSMB 1.0.0 hasta la 1.2.7 y (b) DWS Systems SQL-Ledger 2.x permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) el campo invoice quantity o (2) el campo sort."
}
],
"id": "CVE-2007-5372",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-10-11T10:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37865"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/37866"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27159"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/27171"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3209"
},
{
"source": "cve@mitre.org",
"url": "http://www.ledgersmb.org/node/54"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/25979"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/37866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/27171"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ledgersmb.org/node/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/481866/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/25979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/3453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37033"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-5872
Vulnerability from fkie_nvd - Published: 2006-12-18 00:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
References
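Impacted products
Note: the CPE data for this record lists only sql-ledger 2.6.27, which does not match the range given in the summary (SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5). Automated CPE matching against this record may therefore miss affected installations; compare installed versions against the summary's range as well.
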
| Vendor | Product | Version | |
|---|---|---|---|
| dws_systems_inc. | sql-ledger | 2.6.27 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.27:*:*:*:*:*:*:*",
"matchCriteriaId": "B434E7A6-1924-45B9-ADE2-F237B16F87ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the \"-e\" flag in the script parameter, which is used as an argument to the perl program."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en login.pl en Ledger anterior a 2.6.21 permite a un atacante remoto ejecutar c\u00f3digo Perl de su elecci\u00f3n a trav\u00e9s de manipulaciones desconocidas de una secuencia de comandos variable."
}
],
"id": "CVE-2006-5872",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-18T00:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23375"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23419"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017391"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21634"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0407"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23375"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23419"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017391"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/458300/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/5043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2007/0407"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4798
Vulnerability from fkie_nvd - Published: 2006-09-14 21:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dws_systems_inc. | sql-ledger | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D32BBDC3-E248-482D-95A4-877B0255647F",
"versionEndIncluding": "2.4.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history."
},
{
"lang": "es",
"value": "SQL-Ledger anterior a 2.4.4 almacena una contrase\u00f1a en una cadena de petici\u00f3n, lo que puede permitir a atacantes (locales o remotos dependiendo del contexto) obtener la contrase\u00f1a a trav\u00e9s de un campo Remitente (Referer) o el historial del navegador."
}
],
"id": "CVE-2006-4798",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-14T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1579"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/445512"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/445512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28671"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4731
Vulnerability from fkie_nvd - Published: 2006-09-13 00:07 - Updated: 2025-04-03 01:03
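Severity: MEDIUM (CVSS v2 base score 5.0, vector AV:N/AC:L/Au:N/C:N/I:P/A:N). The vector records only a partial integrity impact, while the summary below describes arbitrary Perl code execution.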
Summary
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB9C66B-1984-4947-909B-E3F54DF06909",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F0D5853-2982-48B7-B269-481C4144E213",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E1353122-B4C2-4153-AD4C-9B6D9CD2B2B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48CFD8FA-F9E4-48BF-A9BA-9C32153A68BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9C0C77-B7F3-4532-8A5C-6DCFEB449F59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83ECB29-1821-4ED3-A9BD-3E4FF4693407",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "54A2DCBE-6D0F-4BE5-8554-31119A33B9AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "038721B9-C41E-4F5B-824E-7C0FB45B5C05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0BFD4D31-1454-47DC-BFB5-8BE12F81A055",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D208EAF0-B935-4429-A9B6-E5C442DA00C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE9A1223-6E76-44C8-A8DF-80A4721DDB07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73906EC6-6AED-4E00-B878-E14E145C63C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8E3142D8-A208-4663-9DE5-E2C850E545DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D6E6DF4-7B05-4C37-BF82-E912D768750C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4A7F2842-997F-4403-8DD0-C5A0D506ADB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EE971DD9-81A9-49F3-B332-C29643325DFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "836E17BD-E968-449C-AB48-9226617DAAF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C821D81-A9F8-4CA2-8930-603191F88DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "DCC10542-1473-4A25-A0C0-EAA1E8C724D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "51AC444F-F1F4-44E1-892E-9D195D04B082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "3735244D-DC20-4713-9117-B838E1743A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "40C9F399-BDC3-4635-AFD0-B23C8655327E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "858502CB-8AB6-4FD2-AA98-BB6336CCE1D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "06D0A870-71C4-4E67-9377-EE2B67052DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "1CF31178-1F21-4F04-8BC5-59CE908673D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "034006A3-F6B7-4E41-86E1-FBA11F78BCA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC1EF7F-B2EF-459D-A2A1-EFF90B093E28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9A763C2E-DBE3-4ECD-9B01-994A8247D60A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F52FC67-7F9C-47E1-831F-EE8BB81ADAA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1911B88B-2C1B-494C-95B8-47C7FFB6248C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B08FB320-0E34-40B6-9BFA-DD21F65F99E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4B9DEAD0-E077-4FC9-9BE6-6CD2F2729BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "6F413591-7937-408E-AD77-67F6BF4E204A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A419EBB7-F076-412A-B6EC-AE6A551F21FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "0359C86B-003A-446C-B880-575300B53C99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "71E696FB-F432-4022-A868-4151B1DF2517",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "F272D642-B132-480B-A235-6A990FEF47E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:*:*:*:*:*:*:*",
"matchCriteriaId": "F710BFC3-F5DE-498C-9669-A87F16ADCA2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:*:*:*:*:*:*:*",
"matchCriteriaId": "05ADA7EF-DC67-4830-97C7-EFF14FD2F327",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:*:*:*:*:*:*:*",
"matchCriteriaId": "1D594BCB-7FF8-417D-AC6D-B38881A075E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:*:*:*:*:*:*:*",
"matchCriteriaId": "EBC86CC6-C3E2-497D-8E81-9B10C97AA008",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:*:*:*:*:*:*:*",
"matchCriteriaId": "71C41DD4-4E0C-42A1-9D57-D89BEC35A6A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:*:*:*:*:*:*:*",
"matchCriteriaId": "8D54002D-D37E-4730-A8B9-5164F8426E04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DB75703-655A-48FB-AE4A-69BE7E2D9112",
"versionEndIncluding": "1.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en (1) login.pl y (2) admin.pl en (a) SQL-Ledger anterior a 2.6.19 y (b) LedgerSMB anterior a 1.0.0p1 , permite a un atacante remoto ejecutar c\u00f3digo Perl de su elecci\u00f3n a trav\u00e9s de un valor de par\u00e1metro terminal no especificado que contiene ../ (punto punto barra)."
}
],
"id": "CVE-2006-4731",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-13T00:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21824"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21886"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/1553"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"source": "cve@mitre.org",
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/19960"
},
{
"source": "cve@mitre.org",
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/21886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/1553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=175965\u0026release_id=446778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53\u0026r2=69"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/19960"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html\u0026title=What%27s%20New"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3554"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}