76 matches found

OSV
added 2020/09/19 9:15 p.m. | 3 views

UBUNTU-CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...

CVSS: 8.1 | AI score: 7.3 | EPSS: 0.01193
Exploits: 0 | References: 4

Cvelist
added 2020/09/19 8:18 p.m. | 39 views

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...

AI score: 9.5 | EPSS: 0.18417
Exploits: 4 | References: 4

CVE
added 2020/09/19 8:18 p.m. | 85 views

CVE-2020-25787

CVE-2020-25787 affects Tiny Tiny RSS (tt-rss) prior to 2020-09-16. The issue is that tt-rss does not validate all URLs before requesting them, enabling potential remote code execution as described by multiple sources. A number of connected documents provide concrete details: a known remote code e...

CVSS: 10 | AI score: 9.3 | EPSS: 0.18417
Exploits: 4 | References: 4 | Affected Software: 1

Debian CVE
added 2020/09/19 8:18 p.m. | 20 views

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...

CVSS: 10 | AI score: 9.5 | EPSS: 0.18417
Exploits: 4

CVE
added 2020/09/19 8:18 p.m. | 57 views

CVE-2020-25788

Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...

CVSS: 8.1 | AI score: 7.9 | EPSS: 0.01193
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/09/19 8:18 p.m. | 20 views

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...

AI score: 8 | EPSS: 0.01193
Exploits: 0 | References: 3

Debian CVE
added 2020/09/19 8:18 p.m. | 15 views

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...

CVSS: 8.1 | AI score: 8 | EPSS: 0.01193
Exploits: 0

CVE
added 2020/09/19 8:17 p.m. | 53 views

CVE-2020-25789

CVE-2020-25789 concerns Tiny Tiny RSS (tt-rss) before 2020-09-16. The issue, described across connected sources, is that the cached_url feature mishandles JavaScript inside an SVG document. The available documents denote this as the root cause but do not provide explicit exploit paths, affected v...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.00883
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2020/09/19 8:17 p.m. | 17 views

CVE-2020-25789

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document...

AI score: 6.5 | EPSS: 0.00883
Exploits: 0 | References: 3

Debian CVE
added 2020/09/19 8:17 p.m. | 23 views

CVE-2020-25789

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00883
Exploits: 0

Positive Technologies
added 2020/09/19 12:0 a.m. | 4 views

PT-2020-16209

Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: An issue was discovered in the cached_url feature, which mishandles JavaScript inside an SVG document. This issue affects Tiny Tiny RSS. Recommendations: For versions prior to 2020-09-16,...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00883
Exploits: 0 | References: 12

Positive Technologies
added 2020/09/19 12:0 a.m. | 4 views

PT-2020-16208

Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af_proxy_http/init.php file mishandles the url variable in an error message. Recommendations: For versio...

CVSS: 8.1 | AI score: 6.6 | EPSS: 0.01193
Exploits: 0 | References: 12

Positive Technologies
added 2020/09/19 12:0 a.m. | 1 views

PT-2020-16207

Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS (tt-rss) versions prior to 2020-09-16. Description: The issue is related to the failure of Tiny Tiny RSS to validate all URLs before requesting them. This could potentially lead to unauthorized access or other security issues...

CVSS: 10 | AI score: 6.6 | EPSS: 0.18417
Exploits: 4 | References: 15

CNVD
added 2017/11/21 12:0 a.m. | 3 views

Tiny Tiny RSS SQL Injection Vulnerability

Tiny Tiny RSS is an open source RSS (Really Simple Syndication) reader written in PHP. The forgotpass component is one of the password recovery components. A SQL injection vulnerability exists in the classes/handler/public.php file of the forgotpass component in Tiny Tiny RSS version 17.4. A remote...

CVSS: 9.8 | AI score: 8.4 | EPSS: 0.01478
Exploits: 0 | References: 1

NVD
added 2017/11/20 4:29 p.m. | 23 views

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVSS: 9.8 | AI score: 9.9 | EPSS: 0.01478
Exploits: 0 | References: 2

OSV
added 2017/11/20 4:29 p.m. | 3 views

DEBIAN-CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVSS: 9.8 | AI score: 8.1 | EPSS: 0.01478
Exploits: 0 | References: 1

UbuntuCve
added 2017/11/20 4:29 p.m. | 25 views

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.01478
Exploits: 0 | References: 3

Prion
added 2017/11/20 4:29 p.m. | 13 views

SQL injection

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.01478
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2017/11/20 4:29 p.m. | 3 views

UBUNTU-CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.01478
Exploits: 0 | References: 4

OSV
added 2017/11/20 4:29 p.m. | 5 views

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVSS: 9.8 | AI score: 9.9
Exploits: 0 | References: 2