100 matches found
CVE-2019-14537
YOURLS through 1.7.3 is affected by a type juggling vulnerability in the api component that can result in login bypass...
CVE-2019-14537
YOURLS (up to version 1.7.3) API exposes a type juggling vulnerability that can lead to authentication/login bypass. The issue is documented as CVE-2019-14537 with a fix in YOURLS 1.7.4 (patches and related PRs are available in the YOURLS repository). An advisory exists describing the impact and ...
Exploit for Type Confusion in Yourls
YOURLS: CVE-2019-14537 PoC !alt texthttps://raw.githubuser...
Fedora Update for yourls FEDORA-2015-5965
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 21 : yourls-1.7-3.20150410gitabc7d6c.fc21 (2015-6002)
Update to the latest master from git Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...
Fedora 22 : yourls-1.7-3.20150410gitabc7d6c.fc22 (2015-5965)
Update to the latest master from git Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...
Fedora 20 : yourls-1.7-3.20150410gitabc7d6c.fc20 (2015-5972)
Update to the latest master from git Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 703...
Fedora Update for yourls FEDORA-2015-6002
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for yourls FEDORA-2015-5972
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 22 Update: yourls-1.7-3.20150410gitabc7d6c.fc22
YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service a la TinyURL. You can make it private or public, you can pick custom keyword URLs, it comes with its own API...
[SECURITY] Fedora 21 Update: yourls-1.7-3.20150410gitabc7d6c.fc21
YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service a la TinyURL. You can make it private or public, you can pick custom keyword URLs, it comes with its own API...
[SECURITY] Fedora 20 Update: yourls-1.7-3.20150410gitabc7d6c.fc20
YOURLS is a small set of PHP scripts that will allow you to run your own URL shortening service a la TinyURL. You can make it private or public, you can pick custom keyword URLs, it comes with its own API...
CVE-2014-8488
Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...
Cross site scripting
Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...
CVE-2014-8488
Cross-site scripting XSS vulnerability in the administrator panel in Yourls 1.7 allows remote attackers to inject arbitrary web script or HTML via a URL that is processed by the Shorten functionality...
CVE-2014-8488
The CVE-2014-8488 entry is corroborated by connected advisories showing Fedora updates for yourls 1.7 (e.g., FEDORA-2015-5965/5972) addressing an XSS in the administrator panel via the Shorten functionality. Affected product: YOURLS (PHP-based URL shortening) software package 1.7; vulnerability t...
Yourls 1.7 Cross Site Scripting
Hello, I found a xss stored vulnerability in Yourls 1.7 script latest version. The attacker can steal the admin's cookies and login in the admin panel. Note: Only the admin can see this. Steps to perform the vulnerability: 1. Create a new url to shorten -- In the inputs you need write this payloa...
Information disclosure
Your Own URL Shortener YOURLS 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files...
CVE-2011-3824
Your Own URL Shortener YOURLS 1.5 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/auth.php and certain other files...
CVE-2011-3824
The CVE-2011-3824 issue affects Your Own URL Shortener (YOURLS) 1.5, where a direct request to a PHP file can disclose installation path information via an error message (e.g., includes/auth.php and similar files). Root cause: error disclosure leaking path details through PHP error handling. Impa...