Search
Search Results (9 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8362 | 1 Gladinet | 1 Triofox | 2026-05-28 | 9.8 Critical |
| A stack-based buffer overflow condition exists in WOSDefaultHttpModule.dll when processing a long URL path starting with /woshome | ||||
| CVE-2026-8364 | 1 Gladinet | 1 Triofox | 2026-05-28 | 9.8 Critical |
| Gladinet Triofox Cloud Server Agent Access Service (GladServerAgentService.exe) listens on TCP port 7878 and processes remote HTTP messages with URL paths starting with /resources, /status, /sysinfo, /woshome, /Settings, /schedule, or /DavCache. | ||||
| CVE-2026-8360 | 1 Gladinet | 1 Triofox | 2026-05-28 | 7.5 High |
| Function calls to WOSCommonUtil.dll!WOSSysInfoGetDeviceInterface() in various DLLs (i.e., WOSProfileMgrModule.dll, WOSWebDavModule.dll) can return a NULL pointer (i.e., when no user is logged into the Triofox Server Agent Management Console). The returned NULL pointer is not checked before being dereferenced. | ||||
| CVE-2026-8363 | 1 Gladinet | 1 Triofox | 2026-05-28 | 9.8 Critical |
| A stack-based buffer overflow condition exists in WOSDeviceDropFolder.dll when processing a long URL path starting with /resources: | ||||
| CVE-2026-8361 | 1 Gladinet | 1 Triofox | 2026-05-28 | 7.5 High |
| A path traversal vulnerability exists in WOSDefaultHttpModule.dll when processing a URL path starting with /woshome | ||||
| CVE-2026-8359 | 1 Gladinet | 1 Triofox | 2026-05-28 | 7.5 High |
| When processing a request with a URL path starting with /status or /sysinfo, WOSHttpStatusModule.dll is to be loaded to handle such URL patterns. The WOSBin_LoadHttpModule function in the dll would be called to set up a "module" object for that module. However, WOSHttpStatusModule.dll is not present in the installation. As a result, a function pointer to WOSBin_LoadHttpModule (which would have been in the export table in WOSHttpStatusModule.dll) is set to NULL, resulting in calling a function at address 0. | ||||
| CVE-2025-11371 | 1 Gladinet | 2 Centrestack, Triofox | 2026-02-26 | 7.5 High |
| In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560 | ||||
| CVE-2025-12480 | 1 Gladinet | 1 Triofox | 2026-02-26 | 9.1 Critical |
| Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. | ||||
| CVE-2025-14611 | 1 Gladinet | 2 Centrestack, Triofox | 2026-02-26 | 9.8 Critical |
| Gladinet CentreStack and Triofox prior to version 16.12.10420.56791 used hardcoded values for their implementation of the AES cryptoscheme. This degrades security for public exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. This opens the door for future exploitation and can be leveraged with previous vulnerabilities to gain a full system compromise. | ||||
Page 1 of 1.