Information on source package sql-ledger

Available versions

Release      Version
squeeze      2.8.30-1
wheezy       3.0.3-1
jessie, sid  3.0.5-1

Open issues

Open unimportant issues

Bug            squeeze     wheezy      jessie      sid         Description
CVE-2007-0667  vulnerable  vulnerable  vulnerable  vulnerable  The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...
CVE-2007-1329  vulnerable  vulnerable  vulnerable  vulnerable  Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...
CVE-2007-1923  vulnerable  vulnerable  vulnerable  vulnerable  (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...
CVE-2007-5372  vulnerable  vulnerable  vulnerable  vulnerable  Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...
CVE-2008-4077  vulnerable  vulnerable  vulnerable  vulnerable  The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...
CVE-2008-4078  vulnerable  vulnerable  vulnerable  vulnerable  SQL injection vulnerability in the AR/AP transaction report in (1) ...
CVE-2009-3580  vulnerable  vulnerable  vulnerable  vulnerable  Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...
CVE-2009-3581  vulnerable  vulnerable  vulnerable  vulnerable  Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...
CVE-2009-3582  vulnerable  vulnerable  vulnerable  vulnerable  Multiple SQL injection vulnerabilities in the delete subroutine in ...
CVE-2009-3583  vulnerable  vulnerable  vulnerable  vulnerable  Directory traversal vulnerability in the Preferences menu item in ...
CVE-2009-3584  vulnerable  vulnerable  vulnerable  vulnerable  SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...
CVE-2009-4402  vulnerable  vulnerable  vulnerable  vulnerable  The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...

Resolved issues

Bug            Description
CVE-2006-4244  SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...
CVE-2006-4731  Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...
CVE-2006-4798  SQL-Ledger before 2.4.4 stores a password in a query string, which ...
CVE-2006-5872  login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...
CVE-2007-1436  Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...
CVE-2007-1437  Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...
CVE-2007-1540  Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...
CVE-2007-1541  Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...

Security announcements

DSA         Description
DSA-1239-1  sql-ledger
