76 matches found
UBUNTU-CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25787
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...
CVE-2020-25787
CVE-2020-25787 affects Tiny Tiny RSS (tt-rss) prior to 2020-09-16. The issue is that tt-rss does not validate all URLs before requesting them, enabling potential remote code execution as described by multiple sources. A number of connected documents provide concrete details: a known remote code e...
CVE-2020-25787
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...
CVE-2020-25788
Tiny Tiny RSS (tt-rss) before 2020-09-16 contains a vulnerability in imgproxy (plugins/af_proxy_http/init.php) where $_REQUEST["url"] is mishandled in an error message. Root cause: improper handling of the URL parameter in error output. Impact indicators in the provided data show high severity (C...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25788
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message...
CVE-2020-25789
CVE-2020-25789 concerns Tiny Tiny RSS (tt-rss) before 2020-09-16. The issue, described across connected sources, is that the cached_url feature mishandles JavaScript inside an SVG document. The available documents denote this as the root cause but do not provide explicit exploit paths, affected v...
CVE-2020-25789
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document...
CVE-2020-25789
An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document...
PT-2020-16209
Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: An issue was discovered in the cached_url feature, which mishandles JavaScript inside an SVG document. This issue affects Tiny Tiny RSS. Recommendations: For versions prior to 2020-09-16,...
PT-2020-16208
Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS versions prior to 2020-09-16. Description: A problem was discovered in Tiny Tiny RSS where the imgproxy function in the plugins/af_proxy_http/init.php file mishandles the url variable in an error message. Recommendations: For versio...
PT-2020-16207
Name of the Vulnerable Software and Affected Versions: Tiny Tiny RSS (tt-rss) versions prior to 2020-09-16. Description: The issue is related to the failure of Tiny Tiny RSS to validate all URLs before requesting them. This could potentially lead to unauthorized access or other security issues...
Tiny Tiny RSS SQL Injection Vulnerability
Tiny Tiny RSS is an open source RSS (Really Simple Syndication) reader written in PHP. The forgotpass component is one of its password recovery components. A SQL injection vulnerability exists in the classes/handler/public.php file of the forgotpass component in Tiny Tiny RSS version 17.4. A remote...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
DEBIAN-CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
SQL injection
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
UBUNTU-CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...