Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Dws Systems Inc. Subscribe
Filtered by product Sql-ledger
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-5872 1 Dws Systems Inc. 1 Sql-ledger 2018-10-17 7.5 HIGH N/A
login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program.
CVE-2006-4731 2 Dws Systems Inc., Ledgersmb 2 Sql-ledger, Ledgersmb 2018-10-17 5.0 MEDIUM N/A
Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).
CVE-2007-1923 2 Dws Systems Inc., Ledgersmb 2 Sql-ledger, Ledgersmb 2018-10-16 7.5 HIGH N/A
(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.
CVE-2007-5372 2 Dws Systems Inc., Ledgersmb 2 Sql-ledger, Ledgersmb 2018-10-15 10.0 HIGH N/A
Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote attackers to execute arbitrary SQL commands via (1) the invoice quantity field or (2) the sort field.
CVE-2008-4077 3 Dws Systems Inc., Ledgersmb, Sql-ledger 3 Sql-ledger, Ledgersmb, Sql-ledger 2018-10-11 7.8 HIGH N/A
The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a denial of service (resource exhaustion) via an HTTP POST request with a large Content-Length.
CVE-2008-4078 3 Dws Systems Inc., Ledgersmb, Sql-ledger 3 Sql-ledger, Ledgersmb, Sql-ledger 2018-10-11 6.5 MEDIUM N/A
SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVE-2006-4798 1 Dws Systems Inc. 1 Sql-ledger 2017-07-19 5.0 MEDIUM N/A
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history.