Computer Security

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
SecurityVulns ID:7540
Threat Level:
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: LEDGERSMB : LedgerSMB 1.1
 LEDGERSMB : LedgerSMB 1.2
 GAZILOGO : Gazi Okul Sitesi 2007
CVE: CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.)
 CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.)
 CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1), (2), and (3)
Original document: r00t-balance_(at), Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection (06.04.2007)
 Chris Travers, ACLS ineffective in SQL-Ledger and LedgerSMB (06.04.2007)
 Chris Travers, LedgerSMB 1.2.0 finally released, fixes CVE-2006-5589 (06.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod