33 matches found
EUVD-2018-20262
Malware in sbrugna...
EUVD-2019-9230
Malware in sbrugna...
EUVD-2022-44370
Malicious code in bioql PyPI...
CVE-2019-19616
An Insecure Direct Object Reference IDOR vulnerability in the Xtivia Web Time and Expense WebTE interface used for Microsoft Dynamics NAV before 2017 allows an attacker to download arbitrary files by specifying arbitrary values for the recId and filename parameters of the /Home/GetAttachment...
Security Updates for Microsoft Dynamics NAV (Dec 2022)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by a remote code execution vulnerability. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C...
CVE-2022-41127
CVE-2022-41127 affects Microsoft Dynamics NAV and Microsoft Dynamics 365 Business Central On‑Premises. Descriptions in connected docs confirm a remote code execution vulnerability and that Microsoft released updates to fix it (e.g., Update 16.19 for BC 2020 Wave 1, Update 17.17 for BC 2020 Wave 2...
Security Updates for Microsoft Dynamics NAV (August 2021)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by a Cross-site Scripting Vulnerability. Note that Nessus has not attempted to exploit this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 70300 C Tenabl...
Security Updates for Microsoft Dynamics NAV (Dec 2020)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the Document Service table due to the Password field not being masked. An authenticated, remote attacker can exploit this, by inspecting as a system user, to...
Security Updates for Microsoft Dynamics NAV (Feb 2021)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by a cross site scripting XSS vulnerability due to improper validation of user-supplied input. An authenticated attacker can exploit this, by entering specially crafted URLs in the Links and Notes feature,...
XSS attack in Links and Notes feature in Microsoft Dynamics NAV (KB4602915)
XSS attack in Links and Notes feature in Microsoft Dynamics NAV KB4602915 Symptoms If you are authenticated, and you enter URLs by using special schemes JavaScript or data in the Links and Notes feature in Microsoft Dynamics NAV, you might make yourself vulnerable to a Cross-Site Scripting XSS...
KLA12070 Multiple vulnerabilities in Microsoft Dynamics
Multiple vulnerabilities were found in Microsoft Dynamics. Malicious users can exploit these vulnerabilities to obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: 1. An information disclosure vulnerability in Microsoft Dataverse can be exploited...
Security Updates for Microsoft Dynamics NAV (Dec 2018)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by a cross-site scripting XSS vulnerability due to improper validation of user-supplied input before returning it to users. An authenticated, remote attacker can exploit this, by sending a specially crafte...
Security Updates for Microsoft Dynamics NAV (Mar 2020)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by a remote code execution vulnerability due to an issue with the Role-Tailored Client. An authenticated, remote attacker can exploit this to execute arbitrary commands or elevate privileges. Note that...
Security Updates for Microsoft Dynamics NAV (Apr 2020)
The Microsoft Dynamics NAV install is missing a security update. It is, therefore, affected by the following vulnerabilities : - An information disclosure vulnerability exists in Dynamics NAV due to the application not properly hiding the value of a masked field when showing the records as a char...
Microsoft Dynamics NAV Server Installed (Windows)
Binary data microsoftdynamicsnavserverwininstalled.nbin...
CVE-2020-1018
CVE-2020-1018 concerns Microsoft Dynamics 365 Business Central/NAV on-premises where masked fields shown on a chart page are not properly hidden, exposing information that should be concealed. The info-disclosure vulnerability stems from the rendering of masked content in the Windows client; the ...
Description of the security update for Microsoft Dynamics NAV 2015: April 14, 2020
Description of the security update for Microsoft Dynamics NAV 2015: April 14, 2020 An information disclosure vulnerability exists if Microsoft Dynamics Business Central/NAV on-premises does not correctly hide the value of a masked field when it displays the records as a chart page. To learn more...
Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises (Application Build 14.11.41204, Platform Build 14.0.41143)
Cumulative Update 10 for Microsoft Dynamics 365 Business Central April'19 on-premises Application Build 14.11.41204, Platform Build 14.0.41143 This article applies to Microsoft Dynamics 365 Business Central Spring 2019 Update on-premises deployments for all countries and all language locales.A...
Cumulative Update 40 for Microsoft Dynamics NAV 2017 (Build 30192)
Cumulative Update 40 for Microsoft Dynamics NAV 2017 Build 30192 This article applies to Microsoft Dynamics NAV 2017 for all countries and all language locales.A remote code execution vulnerability exists in Microsoft Dynamics NAV. A user who has the permission to access certain features that...
Cumulative Update 53 for Microsoft Dynamics NAV 2016 (Build 51775)
Cumulative Update 53 for Microsoft Dynamics NAV 2016 Build 51775 This article applies to Microsoft Dynamics NAV 2016 for all countries and all language locales.A remote code execution vulnerability exists in Microsoft Dynamics NAV. A user who has the permission to access certain features that...