Proof-of-concept exploit for the Ledger Nano S that hides the non-genuine user interface confirmation. Intentionally unreliable to avoid weaponization. It should be trivial to adapt to the Ledger Blue.
6cfcc12e16811027480ebacc4a36f5fcc88bbc466900a68ce5c618f75206bf74
Ubuntu Security Notice 5097-1 - It was discovered that LedgerSMB incorrectly handled certain inputs. An attacker could use this to leak sensitive information, cause a DoS, or execute arbitrary code.
984bebbc6bedc09a3c18d8fba143a8afaaa1de6d468b180259e8a08b5cd6f8f7
Debian Linux Security Advisory 4962-1 - The update for ledgersmb released as DSA 4862-1 introduced a regression in the display of some search results. Updated ledgersmb packages are now available to correct this issue.
4f9d4bf6b0e20a288cb975a798832a4dc31c818f95dace609059a514d2777a32
Gentoo Linux Security Advisory 202004-5 - Multiple vulnerabilities have been found in ledger, the worst of which could result in the arbitrary execution of code. Versions less than 3.1.2 are affected.
92a7a64a66bbe3d36df9adb6bcb9292019eeb3ecf20074f31f1d4a3d1e906355
LedgerSMB versions prior to 1.3.36 suffer from an improper logout vulnerability that can allow for replay attacks.
aebd76ca1473ca0c35d7b7dbc17da3b164760cd470cacb9812093262becbfd72
Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious users to bypass certain security restrictions.
fd192c27c1a662c3c39472fc60c7ce046c6de1f5d8d69b9e0bf62ba894f90934
A security oversight has been discovered in LedgerSMB 1.3 which could allow a malicious user to cause a denial of service against LedgerSMB or otherwise affect the way in which certain forms of data would get entered.
4cd2f77e1b66b8024507a17ff8fd9246978a15c4237dcc46026b9a96ef1a1227
SQL-Ledger versions 2.8.33 and below and LedgerSMB versions 1.2.24 and below suffer from a remote SQL injection vulnerability.
74ae2dd9a5dbeecf672c223648b93cc3b3ea5aeb23766d4edca33c4cbbb332c1
Secunia Security Advisory - A vulnerability has been reported in SQL-Ledger, which can be exploited by malicious users to conduct SQL injection attacks.
50c22ea6d08f57de3b5a5ba9d7683f54168b57651f4742c5b952bfdee832893a
The LedgerSMB development team has found an SQL injection issue in LedgerSMB version 1.2.24. Because this issue stems from their common SQL-Ledger heritage, it affects all versions of LedgerSMB and has been confirmed in SQL-Ledger version 2.8.33.
d46a40d761ab4f653c338833304f4974937256b45896dba52e8970d226b6ce1c
Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious people to conduct SQL injection attacks.
3cd05460eeb11474d202475d1463c79e7182b3807092cd0b77dd837d328f00f1
Secunia Security Advisory - Two vulnerabilities have been discovered in SQL-Ledger, which can be exploited by malicious users to disclose sensitive information, manipulate certain data, and compromise a vulnerable system.
882ad86f863ebf84ff299af59404a063623ceb45d812d3497c8f7c837dc857ed
SQL-Ledger versions 2.8.33 and below suffer from a post-authentication local file inclusion vulnerability.
d496bd5127052681237e5a8a52806489423cb1aec3e9d326887a4e4dbc8804b1
Secunia Security Advisory - A security issue has been discovered in Knowledgeroot Knowledgebase, which can be exploited by malicious people to bypass certain security restrictions.
4a3f17b9c71416cd9d02cc9f612c9cf08ff15047b3b86f3f09d42d43c0823233
Secunia Security Advisory - Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious people to conduct cross-site request forgery attacks and by malicious users to conduct SQL injection attacks or bypass certain security restrictions.
597e279a83f4947a3dce5f574a463ad120e35e708ac96c42a9cad078476d58fc
SQL-Ledger has been patched to address cross-site request forgery, local file inclusion, missing secure flag on cookie, default administrator password, and remote SQL injection vulnerabilities.
285bfdfd6459c517b7d7fdad4e66f894515d9a97b2c09fb44c8c4036cdd19c20
Secunia Security Advisory - Alexander Klink has reported some vulnerabilities in SQL-Ledger, which can be exploited by malicious people to conduct cross-site request forgery attacks and by malicious users to conduct script insertion and SQL injection attacks, or bypass certain security restrictions.
d4c003e38d3a0115a0cc0833fd7b098f524d48ddd7590d1a60b957d59299a22e
SQL-Ledger suffers from cross-site scripting, cross-site request forgery, local file inclusion, SQL injection, and various other security vulnerabilities.
3829bdb05149d1bc7598b7a78e6ebb24bc4dda65fe6aa1226850034c3332a707
Secunia Security Advisory - Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious users to conduct SQL injection attacks and malicious people to cause a DoS (Denial of Service).
76902667716363b96aa38145a41b62fcbcb27fb5cc6504ac02f347e3aa7572ce
LedgerSMB versions below 1.2.15 suffer from resource exhaustion and SQL injection vulnerabilities.
f91654fa49ad54ba3de6a606be0531eadae8156cfd640392ec62c9142e9d9e6d
Secunia Security Advisory - Some vulnerabilities have been reported in SQL-Ledger, which can be exploited by malicious people to conduct SQL injection attacks.
591aa67bd412a383f98da7f1d61e365ca3cbe2ad6a89f8df2093eec23157af71
Secunia Security Advisory - A vulnerability has been reported in Knowledgeroot Knowledgebase, which potentially can be exploited by malicious people to compromise a vulnerable system.
7bfd5f5974ddc6715dbae13a92f3b09be3d8ac938525e84d5c7277ea23aff4ca
Secunia Security Advisory - Some vulnerabilities have been reported in LedgerSMB, which can be exploited by malicious people to conduct SQL injection attacks.
afd3e2458d2fe8922d7259386758d3bd36de88a66b7d38701dadbbb797eb64a1
LedgerSMB versions 1.0.0 through 1.2.7 and SQL-Ledger version 2.x are susceptible to SQL injection vulnerabilities.
eda42bf7f295bb93c14358c74c7fcb4333fb8f63d7b699a043b52c7b3368a891
Secunia Security Advisory - A vulnerability has been reported in LedgerSMB, which can be exploited by malicious people to bypass certain security restrictions.
26df226a9f54b84138410faac52ae4462c13bd4cf62ac382d1909ca5c7d4ce06
LedgerSMB versions 1.2.0 through 1.2.6 suffer from an authentication bypass.
095c2dbf209d876105110d06020263404fc91e57fbd9e2597f5c50ee7e4d301b