what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

Files from Chris Travers

Email addresschris.travers at gmail.com
First Active2003-02-02
Last Active2014-02-03
LedgerSMB Improper Logout
Posted Feb 3, 2014
Authored by Chris Travers

LedgerSMB versions prior to 1.3.36 suffer from an improper logout vulnerability that can allow for replay attacks.

tags | exploit
SHA-256 | aebd76ca1473ca0c35d7b7dbc17da3b164760cd470cacb9812093262becbfd72
LedgerSMB 1.3 Denial Of Service
Posted Jul 31, 2012
Authored by Chris Travers

A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.

tags | advisory, denial of service
SHA-256 | 4cd2f77e1b66b8024507a17ff8fd9246978a15c4237dcc46026b9a96ef1a1227
SQL-Ledger 2.8.33 / LedgerSMB 1.2.24 SQL Injection
Posted Aug 31, 2011
Authored by Chris Travers

SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | 74ae2dd9a5dbeecf672c223648b93cc3b3ea5aeb23766d4edca33c4cbbb332c1
LedgerSMB 1.2.24 SQL Injection
Posted Aug 25, 2011
Authored by Chris Travers

The LedgerSMB development team has found an SQL injection issue in LedgerSMB version 1.2.24. Because this issue stems from their common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger version 2.8.33.

tags | advisory, sql injection
SHA-256 | d46a40d761ab4f653c338833304f4974937256b45896dba52e8970d226b6ce1c
SQL-Ledger Cross Site Request Forgery / Local File Inclusion / SQL Injection
Posted Jan 26, 2010
Authored by Chris Travers

SQL-Ledger has been patched to address cross site request forgery, local file inclusion, no secure flag on cookie, default administrator password and remote SQL injection vulnerabilities.

tags | advisory, remote, local, vulnerability, sql injection, file inclusion, csrf
advisories | CVE-2009-3580, CVE-2009-3582, CVE-2009-3583, CVE-2009-4402, CVE-2009-3584
SHA-256 | 285bfdfd6459c517b7d7fdad4e66f894515d9a97b2c09fb44c8c4036cdd19c20
ledgersmb-sql.txt
Posted Oct 10, 2007
Authored by Chris Travers

LedgerSMB versions 1.0.0 through 1.2.7 and SQL-Ledger version 2.x are susceptible to SQL injection vulnerabilities.

tags | advisory, vulnerability, sql injection
SHA-256 | eda42bf7f295bb93c14358c74c7fcb4333fb8f63d7b699a043b52c7b3368a891
ledgersmb-bypass.txt
Posted Jul 19, 2007
Authored by Chris Travers

LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.

tags | advisory, bypass
SHA-256 | 095c2dbf209d876105110d06020263404fc91e57fbd9e2597f5c50ee7e4d301b
overtheledger.txt
Posted Mar 20, 2007
Authored by Chris Travers

LedgerSMB versions below 1.1.10 and SQL-Ledger versions below 2.6.27 suffer from arbitrary code execution flaws. SQL-Ledger also suffers from an authentication bypass vulnerability. Details provided.

tags | exploit, arbitrary, code execution, bypass
SHA-256 | b02d142d543c4e1b63e89850d09320c110d56c8a7b6b58ce6ea7b5cc79a90ff8
ledger-multi.txt
Posted Mar 6, 2007
Authored by Chris Travers

Another security issue has been found in LedgerSMB versions 1.1.5 and below and all versions of SQL-Ledger which allows an attacker to engage in directory transversal, retrieval of sensitive information, user account fabrication, or even arbitrary code execution.

tags | advisory, arbitrary, code execution
SHA-256 | 92c29f7115d1ad3119189f3c9d9a8812b23ba13320ea31a997a5207f3c9403f2
sqlledger.txt
Posted Sep 8, 2006
Authored by Chris Travers

SQL-Ledger uses a fundamentally flawed approach to session authentication. All versions of SQL-Ledger from 2.4.4 to the present (2.6.17 as of this writing) are vulnerable.

tags | exploit
SHA-256 | 37e1d7c4d55623267b9bade8f69db530dbaa4628327b91a0dec29a95800e68df
fwreport-1.0.1.tar
Posted Feb 2, 2003
Authored by Chris Travers | Site sourceforge.net

FWReport 1.0.0 is a log parser and reporter for IPTables. It generates daily and monthly summaries of the log files, allowing admins to free up substantial time, maintain better control over security of the network, and reduce the likelihood that attacks will go unnoticed.

systems | unix
SHA-256 | 4733e349da3d5359a1ead6e850b3715845498392bf612582792c369c45bcd4cd
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close