MidnightBSD

Advisories for dws_systems_inc.

CVE-2006-4731 MEDIUM

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash).

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
dws_systems_inc. sql-ledger 2.2.7
dws_systems_inc. sql-ledger 2.4.6
ledgersmb ledgersmb *
dws_systems_inc. sql-ledger 2.6.6
dws_systems_inc. sql-ledger 2.4.16
dws_systems_inc. sql-ledger 2.6.7
dws_systems_inc. sql-ledger 2.2.1
dws_systems_inc. sql-ledger 2.6.5
dws_systems_inc. sql-ledger 2.6.11
dws_systems_inc. sql-ledger 2.4.14
dws_systems_inc. sql-ledger 2.6.8
dws_systems_inc. sql-ledger 2.2.3
dws_systems_inc. sql-ledger 2.4.4
dws_systems_inc. sql-ledger 2.4.15
dws_systems_inc. sql-ledger 2.6.17
dws_systems_inc. sql-ledger 2.2.6
dws_systems_inc. sql-ledger 2.4.10
dws_systems_inc. sql-ledger 2.6.12
dws_systems_inc. sql-ledger 2.4.0
dws_systems_inc. sql-ledger 2.4.2
dws_systems_inc. sql-ledger 2.6.1
dws_systems_inc. sql-ledger 2.6.9
dws_systems_inc. sql-ledger 2.6.10
dws_systems_inc. sql-ledger 2.2.0
dws_systems_inc. sql-ledger 2.6.15
dws_systems_inc. sql-ledger 2.4.9
dws_systems_inc. sql-ledger 2.4.13
dws_systems_inc. sql-ledger 2.2.4
dws_systems_inc. sql-ledger 2.6.4
dws_systems_inc. sql-ledger 2.4.12
dws_systems_inc. sql-ledger 2.6.2
dws_systems_inc. sql-ledger 2.4.11
dws_systems_inc. sql-ledger 2.4.1
dws_systems_inc. sql-ledger 2.6.14
dws_systems_inc. sql-ledger 2.6.16
dws_systems_inc. sql-ledger 2.6.3
dws_systems_inc. sql-ledger 2.4.8
dws_systems_inc. sql-ledger 2.4.3
dws_systems_inc. sql-ledger 2.2.5
dws_systems_inc. sql-ledger 2.6.13
dws_systems_inc. sql-ledger 2.4.5
dws_systems_inc. sql-ledger 2.2.2
dws_systems_inc. sql-ledger 2.6.18
dws_systems_inc. sql-ledger 2.4.7