1026 matches found
Cross-site Scripting (XSS)
Overview: UmbracoCms.Core is an ASP.NET CMS. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization. An authenticated user can inject arbitrary JavaScript code into IFrames when editing content using the TinyMCE rich-text editor, as...
new packages: perl-Try-Tiny
An update is available for perl-Try-Tiny. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-HTTP-Tiny
An update is available for perl-HTTP-Tiny. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
new packages: perl-Exporter-Tiny
An update is available for perl-Exporter-Tiny. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...
CVE-2021-27439
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc' (incorrect calculation of effective memory allocation size). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...
Integer overflow
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc' (incorrect calculation of effective memory allocation size). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...
CVE-2021-27439 TencentOS-tiny Integer Overflow or Wraparound
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc' (incorrect calculation of effective memory allocation size). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...
CVE-2021-27439
TencentOS-tiny 3.1.0 is reported vulnerable to an integer wrap-around in the tos_mmheap_alloc path, causing incorrect calculation of the allocation size and potentially arbitrary memory allocation, crashes, or remote code execution. The Red Hat/RH CVE entry and multiple references confirm the vul...
[SECURITY] Fedora 36 Update: svg2svgt-0.9.6-14.fc36
Library and tools to convert SVG images to SVG Tiny, the subset of SVG implemented by QtSvg...
CVE-2020-25180 Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x include the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm...
Tiny File Manager 2.4.6 Shell Upload
Exploit Title: Tiny File Manager 2.4.6 - Remote Code Execution (RCE); Date: 14/03/2022; Exploit Author: FEBIN MON SAJI; Software Link: https://github.com/prasathmani/tinyfilemanager; Version: Tiny File Manager Example: $0 http://files.ubuntu.local/index.php admin "admin@123" " log-in URL=$1 admin=$2...
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers with valid user accounts to upload malicious PHP files to the webroot, leading to code execution...
CVE-2021-45010
Tiny File Manager (prasathmani) contains a path traversal vulnerability in tinyfilemanager.php’s file-upload functionality up to v2.4.7. An authenticated user can upload PHP files and, due to a root-cause mismatch in the upload handler (saving via $_REQUEST['fullpath'] while validating via $_FILE...
Tiny File Manager Path Traversal Vulnerability
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability in the tinyfilemanager.php file upload function in Tiny File Manager 2.4.1 allows remote attackers to upload malicious PHP files to the webroot using a valid user account and achieve code execution on the...
Tiny File Manager 2.4.3 Shell Upload
Tiny File Manager Example: ./exploit.sh http://files.ubuntu.local/index.php admin "admin@123" https://github.com/febinrev/tinyfilemanager-2.4.3-exploit !/bin/bash check which curl if $? = 0 then printf "✔ Curl found! \n" else printf "❌ Curl not found! \n" exit fi which jq if $? = 0 then printf "✔...
Path Traversal in prasathmani/tinyfilemanager
Description: A Path Traversal vulnerability exists in Tiny File Manager, which allows the upload of files to an arbitrary location on the server. This flaw derives from the way that the file upload/creation is handled when a file with the same name already exists in the target directory. Affected...
Mageia: Security Advisory (MGASA-2018-0428)
The remote host is missing an update for the...