Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published: 06.04.2007
Source:
SecurityVulns ID: 7540
Type: remote
Threat Level: 5/10
Description: PHP inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc.
Affected: LEDGERSMB : LedgerSMB 1.1
 LEDGERSMB : LedgerSMB 1.2
 GAZILOGO : Gazi Okul Sitesi 2007
CVE: CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.)
 CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests.)
 CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (1) OE.pm, (2) AM.pm, and (3) Form.pm.)
Original documents: r00t-balance_(at)_hotmail.com, Gazi Okul Sitesi 2007(tr)(fotokategori.asp) Remote SQL Injection (06.04.2007)
 Chris Travers, ACLS ineffective in SQL-Ledger and LedgerSMB (06.04.2007)
 Chris Travers, LedgerSMB 1.2.0 finally released, fixes CVE-2006-5589 (06.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod