FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
8e02441d-d39c-11db-a6da-0003476f14d3	sql-ledger -- security bypass vulnerability Chris Travers reports: George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to enforce a password check under certain circumstances. The user can then create accounts or effect denial of service attacks. This is not related to any previous CVE. We have coordinated with the SQL-Ledger vendor and today both of us released security patches correcting the problem. SQL-Ledger users who can upgrade to 2.6.26 should do so, and LedgerSMB 1.1 or 1.0 users should upgrade to 1.1.9. Users who cannot upgrade should configure their web servers to use http authentication for the admin.pl script in the main root directory. Discovery 2007-03-09 Entry 2007-03-16 sql-ledger < 2.6.26 ports/110350 http://www.securityfocus.com/archive/1/462375
0679deeb-8eaf-11db-abc9-0003476f14d3	sql-ledger -- multiple vulnerabilities The Debian security Team reports: Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems: Chris Travers discovered that the session management can be tricked into hijacking existing sessions. Chris Travers discovered that directory traversal vulnerabilities can be exploited to execute arbitrary Perl code. It was discovered that missing input sanitising allows execution of arbitrary Perl code. Discovery 2006-12-17 Entry 2006-12-18 sql-ledger < 2.6.22 CVE-2006-4244 CVE-2006-4731 CVE-2006-5872 http://www.us.debian.org/security/2006/dsa-1239

VuXML ID

Description

8e02441d-d39c-11db-a6da-0003476f14d3

sql-ledger -- security bypass vulnerability

Chris Travers reports:

George Theall of Tenable Security notified the LedgerSMB core team today of an authentication bypass vulnerability allowing full access to the administrator interface of LedgerSMB 1.1 and SQL-Ledger 2.x. The problem is caused by the password checking routine failing to enforce a password check under certain circumstances. The user can then create accounts or effect denial of service attacks.

This is not related to any previous CVE.

We have coordinated with the SQL-Ledger vendor and today both of us released security patches correcting the problem. SQL-Ledger users who can upgrade to 2.6.26 should do so, and LedgerSMB 1.1 or 1.0 users should upgrade to 1.1.9. Users who cannot upgrade should configure their web servers to use http authentication for the admin.pl script in the main root directory.

Discovery 2007-03-09
Entry 2007-03-16
sql-ledger

< 2.6.26

ports/110350
http://www.securityfocus.com/archive/1/462375

0679deeb-8eaf-11db-abc9-0003476f14d3

sql-ledger -- multiple vulnerabilities

The Debian security Team reports:

Several remote vulnerabilities have been discovered in SQL Ledger, a web based double-entry accounting program, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems:

Chris Travers discovered that the session management can be tricked into hijacking existing sessions.

Chris Travers discovered that directory traversal vulnerabilities can be exploited to execute arbitrary Perl code.

It was discovered that missing input sanitising allows execution of arbitrary Perl code.

Discovery 2006-12-17
Entry 2006-12-18
sql-ledger

< 2.6.22

CVE-2006-4244
CVE-2006-4731
CVE-2006-5872
http://www.us.debian.org/security/2006/dsa-1239