11 matches found
EUVD-2012-0030
Malware in sbrugna...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
DEBIAN-CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
Code injection
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
CVE-2012-0215
model/modelstorage.py in the Tryton application framework trytond before 2.4.0 for Python does not properly restrict access to the Many2Many field in the relation model, which allows remote authenticated users to modify the privileges of arbitrary users via a 1 create, 2 write, 3 delete, or 4 cop...
Debian Security Advisory DSA 2444-1 (tryton-server)
The remote host is missing an update to tryton-server announced via advisory DSA 2444-1. OpenVAS Vulnerability Test $Id: deb24441.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2444-1 tryton-server Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft...
Python 'trytond'模块'Many2Many'字段安全限制绕过漏洞
BUGTRAQ ID: 52804 CVE ID: CVE-2012-0215 Python是一种面向对象、直译式计算机程序设计语言,也是一种功能强大的通用型语言。 Python在trytond模块验证访问关系模型中的"Many2Many"字段的权限时,在实现上存在安全漏洞,可被利用添加用户到其他组并获取其他权限。 0 Debian Linux 6.0 x Python trytond 2.2.1 厂商补丁: Python ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: www.python.org...
Debian DSA-2444-1 : tryton-server - privilege escalation
It was discovered that the Tryton application framework for Python allows authenticated users to escalate their privileges by editing the Many2Many field. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Securit...
[SECURITY] [DSA 2444-1] tryton-server security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2444-1 [email protected] http://www.debian.org/security/ Florian Weimer March 29, 2012 http://www.debian.org/security/faq -...