76 matches found
CVE-2017-16896
CVE-2017-16896 affects Tiny Tiny RSS 17.4, specifically the forgotpass component’s login parameter. Multiple connected entries confirm a SQL injection in classes/handler/public.php, producing high/severe impact (NVD metrics: CVSSv2 7.5 MED/ HIGH; CVSSv3 9.8 CRITICAL) with network reach and no aut...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
CVE-2017-16896
A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...
Tiny Tiny RSS Cross-Site Scripting Vulnerability
Tiny Tiny RSS is an open source use of PHP language written RSS RSS Simple Syndication reader . A cross-site scripting vulnerability exists in previous versions of Tiny Tiny RSS 829d478f. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML...
CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
DEBIAN-CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
Design/Logic Flaw
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
UBUNTU-CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
CVE-2017-1000035
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
CVE-2017-1000035
CVE-2017-1000035 affects Tiny Tiny RSS prior to 829d478f, where an XSS window.opener vulnerability exists. The root cause is a cross-site scripting flaw in the application’s handling of window.opener context, potentially allowing script injection in affected sessions. Referenced patch/commit 829d...
Tiny Tiny RSS SQL Injection Vulnerability
A blind injection vulnerability exists in $itemid in Tiny Tiny RSS processcategoryorder. An attacker is able to connect to the library database and execute database statements...
Tiny Tiny RSS Blind SQL Injection
Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description $itemid inside processcategoryorder is not properly...
Tiny Tiny RSS - Blind SQL Injection
Exploit for php platform in category web applications Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...