[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SQL-Ledger patch update for SQL injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL-Ledger patch update for SQL injection
From: Chris Travers <chris@xxxxxxxxxxxxxxxx>
Date: Wed, 24 Aug 2011 07:45:23 -0700

Hi all;

We have been informed that SQL-Ledger 2.8.34 has in fact been released
patching the security hole previously reported in LedgerSMB 1.2.24 and
Lower.  This is an SQL injection issue.

I haven't been been able to find a CVE listing for this yet.  Secunia
has assigned this the id of SA45649 for LedgerSMB.  I expect to send a
full disclosure email discussing the vulnerability in a week.

Best Wishes,
Chris Travers

Prev by Date: Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
Next by Date: ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability
Previous by thread: Cross-Site Scripting (XSS) in Microsoft ReportViewer Controls
Next by thread: ZDI-11-273: EMC Autostart Domain Name Logging Remote Code Execution Vulnerability
Index(es):
- Date
- Thread