77 matches found
CVE-2021-28373
The auth_internal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...
EUVD-2017-1362
Malware in sbrugna...
EUVD-2017-8067
Malware in sbrugna...
EUVD-2020-18438
Malware in sbrugna...
EUVD-2021-15056
Malware in sbrugna...
EUVD-2020-18439
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2017-16896
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter. CVE-2017-16896 Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2020-25788
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
Linux Distros Unpatched Vulnerability : CVE-2020-25789
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document. CVE-2020-25789 Note...
Linux Distros Unpatched Vulnerability : CVE-2017-1000035
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack CVE-2017-1000035 Note that Nessus relies on the presence of the package as reported by t...
CVE-2020-25787
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...
CVE-2020-25789
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
TTRSS-Auth-LDAP Injection Vulnerability
TTRSS-Auth-LDAP is a GitHub repository by independent developer Ben Tyger that provides the auth_ldap plugin for Tiny Tiny RSS. An injection vulnerability exists in TTRSS-Auth-LDAP. An attacker could exploit this vulnerability to cause LDAP injection...
Tiny Tiny RSS Remote Code Execution (CVE-2020-25787)
A remote code execution vulnerability exists in Tiny Tiny RSS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Design/Logic Flaw
The auth_internal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...