Download
| Alert*
oval:org.secpod.oval:def:602601
Two vulnerabilities have been discovered in the server for the Tryton application platform, which may result in information disclosure of password hashes or file contents. oval:org.secpod.oval:def:1900543 file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors. oval:org.secpod.oval:def:602845 It was discovered that the original patch to address CVE-2016-1242 did not cover all cases, which may result in information disclosure of file contents. |