SQL-Ledger/LedgerSMB Terminal Parameter Directory Traversal Vulnerability

Bugtraq ID: 19960
Class: Input Validation Error
CVE: CVE-2006-4731
Remote: Yes
Local: No
Published: Sep 12 2006 12:00AM
Updated: Jan 25 2007 04:26PM
Credit: Chris Murtagh and Richard Patterson of Quickhelp are credited with the discovery of this vulnerability.
Vulnerable: SQL-Ledger SQL-Ledger 2.6.18
SQL-Ledger SQL-Ledger 2.6.17
LedgerSMB LedgerSMB 1.0
Debian Linux 3.1
Not Vulnerable: SQL-Ledger SQL-Ledger 2.6.19
LedgerSMB LedgerSMB 1.0 p1


Privacy Statement
Copyright 2010, SecurityFocus