Vulnerabilities > DWS Systems INC

DATE	CVE	VULNERABILITY TITLE	RISK
2007-10-11	CVE-2007-5372	SQL Injection vulnerability in multiple products Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field. network low complexity dws-systems-inc ledgersmb CWE-89 critical	10.0
2006-12-18	CVE-2006-5872	Improper Input Validation vulnerability in DWS Systems Inc. Sql-Ledger 2.6.27 login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. network low complexity dws-systems-inc CWE-20	7.5
2006-09-14	CVE-2006-4798	Remote Security vulnerability in Sql-Ledger SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history. network low complexity dws-systems-inc	5.0

Vulnerabilities > DWS Systems INC {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"DWS Systems INC"}]}