Vulnerabilities > SQL Ledger
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK (CVSS)
---|---|---|---|---
2009-12-23 | CVE-2009-4402 | Configuration vulnerability in SQL-Ledger 2.8.24 | The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface. | 7.5
2009-12-23 | CVE-2009-3584 | Configuration vulnerability in SQL-Ledger 2.8.24 | SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | 5.0
2009-12-23 | CVE-2009-3583 | Path Traversal vulnerability in SQL-Ledger 2.8.24 | Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. | 5.1
2009-12-23 | CVE-2009-3582 | SQL Injection vulnerability in SQL-Ledger 2.8.24 | Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action on the output of a Vendors > Reports > Search search operation. | 6.5
2009-12-23 | CVE-2009-3581 | Cross-Site Scripting vulnerability in SQL-Ledger 2.8.24 | Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction, (2) the Description field in the Accounts Payable menu item for Add Transaction, or the name field in (3) the Customers menu item for Add Customer or (4) the Vendor menu item for Add Vendor. | 3.5
2009-12-23 | CVE-2009-3580 | Cross-Site Request Forgery (CSRF) vulnerability in SQL-Ledger 2.8.24 | Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action. | 6.8
2007-03-13 | CVE-2007-1437 | Remote Security vulnerability in LedgerSMB | Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution. | 9.0
2007-03-13 | CVE-2007-1436 | Password Check vulnerability in LedgerSMB | Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypass authentication via unknown vectors that prevent a password check from occurring. | 7.5
2007-03-07 | CVE-2007-1329 | Directory Traversal vulnerability in LedgerSMB | Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . | 10.0
2007-02-02 | CVE-2007-0667 | | The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execute arbitrary code via redirects, related to callbacks, a different issue than CVE-2006-5872. | 6.5