ubuntu · CVE-2007-1329

Quick triage

Priority: medium Published: 2007-03-07 21:19:00 UTC Updated: 2024-07-24 15:57:39 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2007-1329 medium priority: Ubuntu including 1 source packages (sql-ledger), 34 status rows across 34 suites (artful, bionic, cosmic, dapper, disco, edgy, eoan, feisty, focal, groovy, gutsy, hardy, hirsute, impish, intrepid, jammy, jaunty, karmic, lucid, maverick, natty, oneiric, precise, quantal, raring, saucy, trusty, upstream, utopic, vivid, wily, xenial, yakkety, zesty): ignored 22, DNE 11, needs-triage 1.

Description:

Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.

cvelogic Threat Intelligence