14 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-16896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. CVE-2017-16896 Note that Nessus...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
Sql injection
DISPUTED Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid...
CVE-2019-12279
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass aka the reset password form. NOTE: The vendor disputes this issues as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...
Tiny Tiny RSS SQL Injection Vulnerability
Tiny Tiny RSS is an open source RSS Really Simple Syndication reader written in PHP. forgotpass component is one of the password recovery component. A SQL injection vulnerability exists in the classes/handler/public.php file of the forgotpass component in Tiny Tiny RSS version 17.4. A remote...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
Sql injection
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
UBUNTU-CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2017-16896
CVE-2017-16896 affects Tiny Tiny RSS 17.4, specifically the forgotpass component’s login parameter. Multiple connected entries confirm a SQL injection in classes/handler/public.php, producing high/severe impact (NVD metrics: CVSSv2 7.5 MED/ HIGH; CVSSv3 9.8 CRITICAL) with network reach and no aut...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2012-1825
Multiple cross-site scripting XSS vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via 1 the loginname parameter in a forgotpass action or 2 the username parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 url parameter in addlinklwp.cgi and the 2 id, 3 forgotid, and 4 forgotpass parameters in edit.cgi...