Lucene search
SecurityvulnsSECURITYVULNS:DOC:15912HistoryJan 30, 2007 - 12:00 a.m.
Arbitrary Code Execution in SQL-Ledger and LedgerSMB through redirects
2007-01-3000:00:00
vulners.com
27
Separate from CVE-2006-5872, there is a possibility of causing arbitrary
code execution during redirects. This requires a valid login to exploit
and was discovered and brought to the attention of both the SQL-Ledger
and LedgerSMB team in November. LedgerSMB 1.1.5 corred the problem, but
it is still not corrected in SQL-Ledger.
There is no workaround to prevent the problem except to hope that those
who are using vulnerable software can be trusted.
I will be sending a full disclosure of the problem, as well as an
unofficial patch to SQL-Ledger in a week.
Best Wishes,
Chris Travers
Metatron Technology Consulting
Related
nessus
nessus
FreeBSD : sql-ledger -- multiple vulnerabilities (0679deeb-8eaf-11db-abc9-0003476f14d3)
2006-12-30 00:00:00
Debian DSA-1239-1 : sql-ledger - several vulnerabilities
2006-12-18 00:00:00
debiancve
debiancve
CVE-2006-5872
2006-12-18 00:28:00
CVE-2007-0667
2007-02-02 21:28:00
securityvulns
securityvulns
cve
cve
CVE-2006-5872
2006-12-18 00:28:00
CVE-2007-0667
2007-02-02 21:28:00
prion
prion
Design/Logic Flaw
2007-02-02 21:28:00
ubuntucve
ubuntucve
CVE-2007-0667
2007-02-02 00:00:00
osv
osv
sql-ledger
2006-12-17 00:00:00
openvas
openvas
Debian Security Advisory DSA 1239-1 (sql-ledger)
2008-01-17 00:00:00
FreeBSD Ports: sql-ledger
2008-09-04 00:00:00
Debian: Security Advisory (DSA-1239-1)
2008-01-17 00:00:00
freebsd
freebsd
sql-ledger -- multiple vulnerabilities
2006-12-17 00:00:00
debian
debian
[SECURITY] [DSA 1239-1] New sql-ledger packages fix arbitrary code execution
2006-12-17 15:21:18
Related for SECURITYVULNS:DOC:15912