LedgerSMB versions prior to 1.3.36 suffer from an improper logout vulnerability that can allow for replay attacks.
aebd76ca1473ca0c35d7b7dbc17da3b164760cd470cacb9812093262becbfd72
A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.
4cd2f77e1b66b8024507a17ff8fd9246978a15c4237dcc46026b9a96ef1a1227
SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.
74ae2dd9a5dbeecf672c223648b93cc3b3ea5aeb23766d4edca33c4cbbb332c1
The LedgerSMB development team has found an SQL injection issue in LedgerSMB version 1.2.24. Because this issue stems from their common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger version 2.8.33.
d46a40d761ab4f653c338833304f4974937256b45896dba52e8970d226b6ce1c
SQL-Ledger has been patched to address cross-site request forgery, local file inclusion, missing secure flag on cookie, default administrator password, and remote SQL injection vulnerabilities.
285bfdfd6459c517b7d7fdad4e66f894515d9a97b2c09fb44c8c4036cdd19c20
LedgerSMB versions 1.0.0 through 1.2.7 and SQL-Ledger version 2.x are susceptible to SQL injection vulnerabilities.
eda42bf7f295bb93c14358c74c7fcb4333fb8f63d7b699a043b52c7b3368a891
LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.
095c2dbf209d876105110d06020263404fc91e57fbd9e2597f5c50ee7e4d301b
LedgerSMB versions below 1.1.10 and SQL-Ledger versions below 2.6.27 suffer from arbitrary code execution flaws. SQL-Ledger also suffers from an authentication bypass vulnerability. Details provided.
b02d142d543c4e1b63e89850d09320c110d56c8a7b6b58ce6ea7b5cc79a90ff8
Another security issue has been found in LedgerSMB versions 1.1.5 and below and all versions of SQL-Ledger which allows an attacker to engage in directory traversal, retrieval of sensitive information, user account fabrication, or even arbitrary code execution.
92c29f7115d1ad3119189f3c9d9a8812b23ba13320ea31a997a5207f3c9403f2
SQL-Ledger uses a fundamentally flawed approach to session authentication. All versions of SQL-Ledger from 2.4.4 to the present (2.6.17 as of this writing) are vulnerable.
37e1d7c4d55623267b9bade8f69db530dbaa4628327b91a0dec29a95800e68df
FWReport 1.0.0 is a log parser and reporter for IPTables. It generates daily and monthly summaries of the log files, allowing admins to free up substantial time, maintain better control over security of the network, and reduce the likelihood that attacks will go unnoticed.
4733e349da3d5359a1ead6e850b3715845498392bf612582792c369c45bcd4cd