Vulnerabilities > CVE-2007-3907 - Unspecified vulnerability in Ledgersmb
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and perform certain actions as an arbitrary user via unspecified vectors involving a URL with a redirect parameter value, along with a callback parameter containing an escaped URL that specifies the action.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
References
- http://secunia.com/advisories/26121
- http://secunia.com/advisories/26121
- http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
- http://sourceforge.net/project/shownotes.php?release_id=523576&group_id=175965
- http://www.ledgersmb.org/node/52
- http://www.ledgersmb.org/node/52
- http://www.securityfocus.com/archive/1/473987/100/0/threaded
- http://www.securityfocus.com/archive/1/473987/100/0/threaded
- http://www.securityfocus.com/archive/1/473993/100/0/threaded
- http://www.securityfocus.com/archive/1/473993/100/0/threaded
- http://www.securityfocus.com/bid/24940
- http://www.securityfocus.com/bid/24940
- http://www.vupen.com/english/advisories/2007/2576
- http://www.vupen.com/english/advisories/2007/2576
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35507
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35507