Vulnerabilities > CVE-2007-1329

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

sql-ledger

ledgersmb

NVD

Published: 2007-03-07

Updated: 2024-11-21

Summary

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.

Vulnerable Configurations

Part	Description	Count
Application	Sql-Ledger SQL Ledger SQL Ledger 2.6.25	1
Application	Ledgersmb Ledgersmb Ledgersmb 1.0.0 Ledgersmb Ledgersmb 1.1 Ledgersmb Ledgersmb 1.1.1	3

References

http://osvdb.org/33619
http://osvdb.org/33619
http://osvdb.org/33621
http://osvdb.org/33621
http://secunia.com/advisories/24363
http://secunia.com/advisories/24363
http://secunia.com/advisories/24366
http://secunia.com/advisories/24366
http://securityreason.com/securityalert/2381
http://securityreason.com/securityalert/2381
http://securitytracker.com/id?1017715
http://securitytracker.com/id?1017715
http://www.securityfocus.com/archive/1/461630/100/0/threaded
http://www.securityfocus.com/archive/1/461630/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/32776
https://exchange.xforce.ibmcloud.com/vulnerabilities/32776

Vulnerabilities > CVE-2007-1329 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2007-1329"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2007-1329