21 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-66423
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
UBUNTU-CVE-2025-66422
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back server setup information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70...
EUVD-2018-0143
Malware in sbrugna...
EUVD-2017-0137
Malware in sbrugna...
EUVD-2018-0142
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10868
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated us...
Linux Distros Unpatched Vulnerability : CVE-2016-1241
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user...
SUSE CVE-2016-1241
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
GHSA-QJMC-WWMW-CQ9R Tryton Directory Traversal vulnerability
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...
GHSA-JPR7-8RXM-4VGX Tryton allow authenticated users with certain permissions to read arbitrary files via the name parameter
fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...
GHSA-M9JJ-5QVJ-5FHX Tryton vulnerable to arbitrary command execution
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
Tryton 代码问题漏洞
Tryton is a content management system. Tryton Application Platform Server versions 5.x through 5.0.45, 6.x through 6.0.15, 6.1.x, 6.2.x through 6.2.5 and Tryton Application Platform Command Line An attacker can utilize an XML SEPA file to access arbitrary files on the system...
DEBIAN-CVE-2019-10868
In trytond/model/modelstorage.py in Tryton 4.2 before 4.2.21, 4.4 before 4.4.19, 4.6 before 4.6.14, 4.8 before 4.8.10, and 5.0 before 5.0.6, an authenticated user can order records based on a field for which he has no access right. This may allow the user to guess values...
PYSEC-2018-77
The client in Tryton 5.x before 5.0.1 tries to make a connection to the bus in cleartext instead of encrypted under certain circumstances in bus.py and jsonrpc.py. This connection attempt fails, but it contains in the header the current session of the user. This session could then be stolen by a...
Tryton Arbitrary File Read Vulnerability
Tryton is a set of general-purpose application platform based on Python and PostgreSQL. It is an independent branch project of OpenERP Enterprise Resource Planning ERP and Customer Relationship Management CRM system, which contains modules for financial management, marketing management, customer...
CVE-2017-0360
fileopen in Tryton 3.x and 4.x through 4.2.2 allows remote authenticated users with certain permissions to read arbitrary files via a "same root name but with a suffix" attack. NOTE: This vulnerability exists because of an incomplete fix for CVE-2016-1242...
CVE-2016-1242
fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...
PYSEC-2016-40
Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allow remote authenticated users to discover user password hashes via unspecified vectors...
PYSEC-2016-41
fileopen in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors...
CVE-2013-4510
Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a report...