Information on source package sql-ledger

Available versions

ReleaseVersion
squeeze2.8.30-1
wheezy3.0.3-1
jessie3.0.6-2
stretch3.0.8-1
sid3.0.8-1

Open unimportant issues

BugsqueezewheezyjessiestretchsidDescription
CVE-2009-4402vulnerablevulnerablevulnerablevulnerablevulnerableThe default configuration of SQL-Ledger 2.8.24 allows remote attackers ...
CVE-2009-3584vulnerablevulnerablevulnerablevulnerablevulnerableSQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...
CVE-2009-3583vulnerablevulnerablevulnerablevulnerablevulnerableDirectory traversal vulnerability in the Preferences menu item in ...
CVE-2009-3582vulnerablevulnerablevulnerablevulnerablevulnerableMultiple SQL injection vulnerabilities in the delete subroutine in ...
CVE-2009-3581vulnerablevulnerablevulnerablevulnerablevulnerableMultiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...
CVE-2009-3580vulnerablevulnerablevulnerablevulnerablevulnerableCross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...
CVE-2008-4078vulnerablevulnerablevulnerablevulnerablevulnerableSQL injection vulnerability in the AR/AP transaction report in (1) ...
CVE-2008-4077vulnerablevulnerablevulnerablevulnerablevulnerableThe CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...
CVE-2007-5372vulnerablevulnerablevulnerablevulnerablevulnerableMultiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...
CVE-2007-1923vulnerablevulnerablevulnerablevulnerablevulnerable(1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...
CVE-2007-1329vulnerablevulnerablevulnerablevulnerablevulnerableDirectory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...
CVE-2007-0667vulnerablevulnerablevulnerablevulnerablevulnerableThe redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...

Resolved issues

BugDescription
CVE-2007-1541Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...
CVE-2007-1540Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...
CVE-2007-1437Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...
CVE-2007-1436Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...
CVE-2006-5872login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...
CVE-2006-4798SQL-Ledger before 2.4.4 stores a password in a query string, which ...
CVE-2006-4731Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...
CVE-2006-4244SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...

Security announcements

DSA / DLADescription
DSA-1239-1sql-ledger

Search for package or bug name: Reporting problems