Known Vulnerabilities for products from Ledgersmb

Listed below are 17 of the newest known vulnerabilities associated with the vendor "Ledgersmb".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed, based on information from known CPEs; each product links to its respective vulnerability page.

Known Vulnerabilities

| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2021-3882 | LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSM... | 6.8 - MEDIUM | 2021-10-14 | 2021-10-20 |
| CVE-2021-3731 | LedgerSMB does not sufficiently guard against being wrapped by other sites, making it vulnerable to 'clickjacking'. This allo... | 4.7 - MEDIUM | 2021-08-23 | 2021-08-27 |
| CVE-2021-3694 | LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an auth... | 9.6 - CRITICAL | 2021-08-23 | 2021-08-27 |
| CVE-2021-3693 | LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an... | 9.6 - CRITICAL | 2021-08-23 | 2021-08-27 |
| CVE-2018-9246 | The PGObject::Util::DBAdmin module before 0.120.0 for Perl, as used in LedgerSMB through 1.5.x, insufficiently sanitizes or e... | 9.8 - CRITICAL | 2018-06-08 | 2018-08-01 |
| CVE-2008-4078 | SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 a... | 6.5 - MEDIUM | 2008-09-15 | 2018-10-11 |
| CVE-2008-4077 | The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allow remote attackers to cause a... | 7.8 - HIGH | 2008-09-15 | 2018-10-11 |
| CVE-2007-5372 | Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through 1.2.7 and (b) DWS Systems SQL-Ledger 2.x allow remote a... | 10 - HIGH | 2007-10-11 | 2018-10-15 |
| CVE-2007-3907 | Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 allows remote attackers to bypass authentication and p... | 10 - HIGH | 2007-07-19 | 2018-10-15 |
| CVE-2007-1923 | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, wh... | 7.5 - HIGH | 2007-04-10 | 2018-10-16 |
| CVE-2007-1540 | Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 and earlier, and (2) LedgerSMB before 1.2.0, allows remot... | 4.3 - MEDIUM | 2007-03-20 | 2018-10-16 |
| CVE-2007-1437 | Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files a... | 9 - HIGH | 2007-03-13 | 2018-10-16 |
| CVE-2007-1436 | Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and LedgerSMB before 1.1.9 allows remote attackers to bypas... | 7.5 - HIGH | 2007-03-13 | 2018-10-16 |
| CVE-2007-1329 | Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite ar... | 10 - HIGH | 2007-03-07 | 2018-10-16 |
| CVE-2007-0667 | The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and (2) SQL-Ledger allows remote authenticated users to execu... | 6.5 - MEDIUM | 2007-02-02 | 2018-10-16 |
| CVE-2006-5589 | Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and earlier allow remote attackers to execute arbitrary SQL ... | 7.5 - HIGH | 2006-10-27 | 2018-10-17 |
| CVE-2006-4731 | Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerS... | 5 - MEDIUM | 2006-09-13 | 2018-10-17 |

Popular searches for "Ledgersmb"

LedgerSMB

LedgerSMB is a free software double entry accounting and Enterprise resource planning system. Accounting data is stored in a SQL database server and a standard web browser can be used as its user interface. The system uses the Perl programming language and a Perl database interface module for processing, and PostgreSQL for data storage. LedgerSMB is a client-server application, with server access through a web browser.

Open Source ERP: accounting, invoicing and more | LedgerSMB

ledgersmb.org

The LedgerSMB project aims to prevent small and mid-size businesses from getting locked-in by their accounting software vendor by providing free and open source accounting software, integrating invoicing, order processing, quotations and more (ERP). LedgerSMB aims to provide a strong accounting basis to build your business on. Although the nature of open source projects makes it hard to know where our software is being used, the project is aware of installations in the US, Canada, EU (Netherlands, Hungary, Estonia, United Kingdom), Indonesia, Myanmar, Philippines, Hong Kong, Malaysia, Australia, Barbados and Colombia. This release has a wide variety of improvements and code cleanups: it features faster loading of the menu, fixed migrations from 1.2, the ability to upload a logo into the database and include it in printed documents and much more...


© CVE.report 2021


CVE, CWE, and OVAL are registered trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.
