CVE-2022-45475

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control...

CVE-2022-45476

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload...

PT-2025-22818 · Unknown · Tiny File Manager

Name of the Vulnerable Software and Affected Versions: TinyFileManager version 2.4.7 Description: A stored cross-site scripting XSS issue in the /tinyfilemanager.php component allows attackers to execute arbitrary JavaScript or HTML by injecting a crafted payload into the js-theme-3 parameter. Th...

CVE-2022-30273

The Motorola MDLC protocol through 2022-05-02 mishandles message integrity. It supports three security modes: Plain, Legacy Encryption, and New Encryption. In Legacy Encryption mode, traffic is encrypted via the Tiny Encryption Algorithm TEA block-cipher in ECB mode. This mode of operation does n...

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...

CVE-2020-25787

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. It does not validate all URLs before requesting them...

CVE-2020-25789

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. The cachedurl feature mishandles JavaScript inside an SVG document...

CVE-2020-25788

An issue was discovered in Tiny Tiny RSS aka tt-rss before 2020-09-16. imgproxy in plugins/afproxyhttp/init.php mishandles $REQUEST"url" in an error message...

CVE-2019-9754

An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the endmacro function in tccpp.c...

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the databasehost parameter if the installer remains present in its original directory after installation is completed...

CVE-2012-1409

Unspecified vulnerability in the Tiny Password com.tinycouch.android.freepassword application 1.64 for Android has unknown impact and attack vectors...

CVE-2017-16896

A SQL injection in classes/handler/public.php in the forgotpass component of Tiny Tiny RSS 17.4 exists via the login parameter...

CVE-2010-4888

SQL injection vulnerability in the Tiny Market hmtinymarket extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2010-4889

Unspecified vulnerability in the Tiny Market hmtinymarket extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors...

CVE-2008-0937

SQL injection vulnerability in index.php in the Tiny Event tinyevent 1.01 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter in a print action, a different vector than CVE-2007-1811...

CVE-2002-1925

Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service crash by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module...

Alibaba Cloud Linux 3 : 0002: perl-HTTP-Tiny (ALINUX3-SA-2024:0002)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0002 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-31486: HTTP::Tiny before 0.083, a Perl cor...

perl-HTTP-Tiny bug fix and enhancement update

An update is available for perl-HTTP-Tiny. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Lin...

CVE-2025-3051

Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary cod...

CVE-2025-3051

Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory '.' to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary cod...