{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-09-11T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-17T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "19960", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19960"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778"}, {"name": "1553", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1553"}, {"name": "21886", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21886"}, {"name": "ADV-2006-3555", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3555"}, {"name": "sqlledger-ledgersmb-terminal-file-include(28885)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"}, {"tags": ["x_refsource_MISC"], "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69"}, {"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"}, {"name": "ADV-2006-3554", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3554"}, {"name": "21824", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21824"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4731", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "19960", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19960"}, {"name": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New", "refsource": "CONFIRM", "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What's%20New"}, {"name": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778", "refsource": "CONFIRM", "url": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778"}, {"name": "1553", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1553"}, {"name": "21886", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21886"}, {"name": "ADV-2006-3555", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3555"}, {"name": "sqlledger-ledgersmb-terminal-file-include(28885)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"}, {"name": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69", "refsource": "MISC", "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69"}, {"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"}, {"name": "ADV-2006-3554", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3554"}, {"name": "21824", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21824"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T19:23:40.501Z"}, "title": "CVE Program Container", "references": [{"name": "19960", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19960"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778"}, {"name": "1553", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1553"}, {"name": "21886", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21886"}, {"name": "ADV-2006-3555", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3555"}, {"name": "sqlledger-ledgersmb-terminal-file-include(28885)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69"}, {"name": "20060912 LedgerSMB 1.0.0 and SQL-Ledger 2.6.18 and earler arbitrary code execution", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"}, {"name": "ADV-2006-3554", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3554"}, {"name": "21824", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21824"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-4731", "datePublished": "2006-09-13T00:00:00", "dateReserved": "2006-09-12T00:00:00", "dateUpdated": "2024-08-07T19:23:40.501Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2BB9C66B-1984-4947-909B-E3F54DF06909", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "3F0D5853-2982-48B7-B269-481C4144E213", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "E1353122-B4C2-4153-AD4C-9B6D9CD2B2B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "48CFD8FA-F9E4-48BF-A9BA-9C32153A68BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "EE9C0C77-B7F3-4532-8A5C-6DCFEB449F59", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "E83ECB29-1821-4ED3-A9BD-3E4FF4693407", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "54A2DCBE-6D0F-4BE5-8554-31119A33B9AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "038721B9-C41E-4F5B-824E-7C0FB45B5C05", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0BFD4D31-1454-47DC-BFB5-8BE12F81A055", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "D208EAF0-B935-4429-A9B6-E5C442DA00C6", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "EE9A1223-6E76-44C8-A8DF-80A4721DDB07", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "73906EC6-6AED-4E00-B878-E14E145C63C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "8E3142D8-A208-4663-9DE5-E2C850E545DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.5:*:*:*:*:*:*:*", "matchCriteriaId": "9D6E6DF4-7B05-4C37-BF82-E912D768750C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.6:*:*:*:*:*:*:*", "matchCriteriaId": "4A7F2842-997F-4403-8DD0-C5A0D506ADB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "EE971DD9-81A9-49F3-B332-C29643325DFD", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.8:*:*:*:*:*:*:*", "matchCriteriaId": "836E17BD-E968-449C-AB48-9226617DAAF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "2C821D81-A9F8-4CA2-8930-603191F88DC2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.10:*:*:*:*:*:*:*", "matchCriteriaId": "DCC10542-1473-4A25-A0C0-EAA1E8C724D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.11:*:*:*:*:*:*:*", "matchCriteriaId": "51AC444F-F1F4-44E1-892E-9D195D04B082", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.12:*:*:*:*:*:*:*", "matchCriteriaId": "3735244D-DC20-4713-9117-B838E1743A7D", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.13:*:*:*:*:*:*:*", "matchCriteriaId": "40C9F399-BDC3-4635-AFD0-B23C8655327E", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.14:*:*:*:*:*:*:*", "matchCriteriaId": "858502CB-8AB6-4FD2-AA98-BB6336CCE1D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.15:*:*:*:*:*:*:*", "matchCriteriaId": "06D0A870-71C4-4E67-9377-EE2B67052DF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.4.16:*:*:*:*:*:*:*", "matchCriteriaId": "1CF31178-1F21-4F04-8BC5-59CE908673D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "034006A3-F6B7-4E41-86E1-FBA11F78BCA7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "EBC1EF7F-B2EF-459D-A2A1-EFF90B093E28", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A763C2E-DBE3-4ECD-9B01-994A8247D60A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "7F52FC67-7F9C-47E1-831F-EE8BB81ADAA3", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "1911B88B-2C1B-494C-95B8-47C7FFB6248C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "B08FB320-0E34-40B6-9BFA-DD21F65F99E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.7:*:*:*:*:*:*:*", "matchCriteriaId": "4B9DEAD0-E077-4FC9-9BE6-6CD2F2729BF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.8:*:*:*:*:*:*:*", "matchCriteriaId": "6F413591-7937-408E-AD77-67F6BF4E204A", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.9:*:*:*:*:*:*:*", "matchCriteriaId": "A419EBB7-F076-412A-B6EC-AE6A551F21FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.10:*:*:*:*:*:*:*", "matchCriteriaId": "0359C86B-003A-446C-B880-575300B53C99", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.11:*:*:*:*:*:*:*", "matchCriteriaId": "71E696FB-F432-4022-A868-4151B1DF2517", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.12:*:*:*:*:*:*:*", "matchCriteriaId": "F272D642-B132-480B-A235-6A990FEF47E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.13:*:*:*:*:*:*:*", "matchCriteriaId": "F710BFC3-F5DE-498C-9669-A87F16ADCA2C", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.14:*:*:*:*:*:*:*", "matchCriteriaId": "05ADA7EF-DC67-4830-97C7-EFF14FD2F327", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.15:*:*:*:*:*:*:*", "matchCriteriaId": "1D594BCB-7FF8-417D-AC6D-B38881A075E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.16:*:*:*:*:*:*:*", "matchCriteriaId": "EBC86CC6-C3E2-497D-8E81-9B10C97AA008", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.17:*:*:*:*:*:*:*", "matchCriteriaId": "71C41DD4-4E0C-42A1-9D57-D89BEC35A6A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:dws_systems_inc.:sql-ledger:2.6.18:*:*:*:*:*:*:*", "matchCriteriaId": "8D54002D-D37E-4730-A8B9-5164F8426E04", "vulnerable": true}, {"criteria": "cpe:2.3:a:ledgersmb:ledgersmb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB75703-655A-48FB-AE4A-69BE7E2D9112", "versionEndIncluding": "1.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value containing ../ (dot dot slash)."}, {"lang": "es", "value": "Vulnerabilidad de atravesamiento de directorios en (1) login.pl y (2) admin.pl en (a) SQL-Ledger anterior a 2.6.19 y (b) LedgerSMB anterior a 1.0.0p1 , permite a un atacante remoto ejecutar c\u00f3digo Perl de su elecci\u00f3n a trav\u00e9s de un valor de par\u00e1metro terminal no especificado que contiene ../ (punto punto barra)."}], "id": "CVE-2006-4731", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-09-13T00:07:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21824"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21886"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/1553"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778"}, {"source": "cve@mitre.org", "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19960"}, {"source": "cve@mitre.org", "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3554"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/3555"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21886"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/1553"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://sourceforge.net/project/shownotes.php?group_id=175965&release_id=446778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.sourceforge.net/viewvc/ledger-smb/trunk/login.pl?r1=53&r2=69"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/445817/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19960"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.sql-ledger.org/cgi-bin/nav.pl?page=news.html&title=What%27s%20New"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3554"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/3555"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/28885"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}