6 matches found
Debian: Security Advisory (DSA-3043-1)
The remote host is missing an update for the Debian ... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ...
Debian: Security Advisory (DLA-70-1)
The remote host is missing an update for the Debian ...
Debian DSA-3043-1 : tryton-server - security update
Description not provided by Debian for this vulnerability. For further details on the vulnerability, contact Debian. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3043. The text itself i...
CVE-2014-6633
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the collection.domain in the webdav module or (2) the formula...
CVE-2014-6633
CVE-2014-6633 affects Trytond: the safe_eval function allows remote authenticated users to execute arbitrary commands via shell metacharacters in (1) collection.domain (webdav module) or (2) the formula field (price_list module). Vulnerable versions include Tryton before 2.4.15, 2.6.x before 2.6....
Debian DLA-70-1 : tryton-server security update
duesenfranz discovered that safe_eval in trytond could be used to execute arbitrary commands, mainly via the webdav interface. The patches applied do not allow double underscores in safe_eval and avoid double evaluation from inherit with a different model. NOTE: Tenable Network Security has...