31 matches found
CVE-2026-8360 Gladinet Triofox Unchecked Return Value to NULL Pointer Dereference DOS
Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface in various DLLs i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll can return a NULL pointer i.e., when no user is logged into the Triofox Server Agent Management Console. The returned NULL pointer is not checked before being...
Important: Red Hat Security Advisory: nginx security update
An update for nginx is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
A flaw was found in NGINX. A remote attacker can exploit a buffer overflow vulnerability within the ngxhttpdavmodule module. This occurs when the NGINX configuration uses DAV module MOVE or COPY methods in conjunction with prefix location and alias directives. Successful exploitation may lead to...
nginx security update
2:1.26.3-2.0.1.1 - Reference oracle-indexhtml within Requires Orabug: 33802044 2:1.26.3-6 - Resolves: RHEL-157874 CVE-2026-32647 nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files 2:1.26.3-5 - Resolves: RHEL-159433 CVE-2026-27651 nginx: NGINX: Denial of Service via...
EUVD-2018-0143
Malware in sbrugna...
EUVD-2007-6655
Malware in sbrugna...
PT-2023-7493 · Asus · Asus Rt-Ax92U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AX92U affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected ASUS RT-AX92U routers. The flaw exists within the mod webdav.so module, where the process do...
PT-2023-26803 · Papercut · Papercut Ng +1
Name of the Vulnerable Software and Affected Versions: PaperCut NG and PaperCut MF versions prior to 22.1.3 Description: The issue allows path traversal, enabling attackers to upload, read, or delete arbitrary files, leading to remote code execution when external device integration is enabled. Th...
Security Bulletin: Vulnerability in Apache HTTP Server affect Cloud Pak System (CVE-2006-20001)
Summary Denial of service vulnerability in moddav module of Apache HTTP Server affects Cloud Pak System. Vulnerability Details CVEID:CVE-2006-20001 DESCRIPTION: Apache HTTP Server is vulnerable to a denial of service, caused by an out-of-bounds read or write of zero in moddav. By sending a...
Tryton vulnerable to arbitrary command execution
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
GHSA-M9JJ-5QVJ-5FHX Tryton vulnerable to arbitrary command execution
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
CVE-2007-6691
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to 1 "hotlink protection" in the URL rewrite module, 2 a WebDAV view in the WebDAV module, 3 a comment view in the Comment module, 4 unspecified "item information disclosure attacks" in the Core modu...
Arbitrary Code Execution
trytond is vulnerable to arbitrary code execution. Since it uses safeeval function, it allows the attacker to inject malicious code via the shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula field in the pricelist module...
CVE-2014-6633
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
Code injection
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
CVE-2014-6633
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
CVE-2014-6633
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
PYSEC-2018-59
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
CVE-2014-6633
The safeeval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary commands via shell metacharacters in 1 the collection.domain in the webdav module or 2 the formula...
DLA-629-1 jackrabbit - security update
Bulletin has no description...