PT-2020-19745 · Tiny-Conf · Tiny-Conf
Name of the Vulnerable Software and Affected Versions: tiny-conf versions up to and including 1.1.0. Description: The issue is related to Prototype Pollution via the set function...
grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)
tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...
Prototype Pollution
Overview: tiny-conf is a Node.js configuration with files, environment variables, command-line arguments, ... pluggable architecture in order to work in the browser & server-side. Affected versions of this package are vulnerable to Prototype Pollution via the set function. POC: const tinyConf =...
Cross-site scripting vulnerability in TinyMCE
Impact: A cross-site scripting (XSS) vulnerability was discovered in the core parser. The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs. This impacts all users who are using TinyMCE 4.9.10 or lower a...
@ahone/svg2canvas (>=0.0.1 <=0.0.7), @lx-frontend/svg2canvas (=0.0.1) +2 more potentially affected by CVE-2020-7686 via rollup-plugin-server (=0.7.0)
rollup-plugin-server NPM version =0.7.0 is affected by a known vulnerability. The following packages have a transitive dependency on rollup-plugin-server and may be impacted: - @ahone/svg2canvas =0.0.1, =9.1.0, =9.1.2 Source cves: CVE-2020-7686 Source advisory: OSV:GHSA-VR98-27QJ-3C8Q...
HTTP Request Smuggling
Amendment: This was deemed not a vulnerability. Overview: tiny-http is a low-level HTTP server library. Affected versions of this package are vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer-Encoding header parsing...
Tiny File Manager Path Traversal Vulnerability
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability exists in Tiny File Manager. An attacker can use this vulnerability to place a copy of a backup file in a different directory...
Tiny File Manager path traversal vulnerability (CNVD-2020-27486)
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability exists in Tiny File Manager. An attacker can use this vulnerability to enumerate directories and files on the file system...
CVE-2020-12103
In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files with .bak extension outside the scope in the same directory in which they are stored...
CVE-2020-12102
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
Path traversal
In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem outside of the application scope...
CVE-2020-12103
Tiny File Manager 2.4.1 contains a vulnerability in the ajax file backup copy functionality that allows authenticated users to create backup copies (.bak) outside the intended scope in the same directory. The issue is due to a flaw in the backup copy feature. Remediation suggested in the connecte...
CVE-2020-12102
CVE-2020-12102 concerns Tiny File Manager 2.4.1 where a Path Traversal vulnerability exists in the ajax recursive directory listing. This enables authenticated users to enumerate directories and files on the filesystem outside the application scope. Connected sources describe the same impact and ...
PT-2020-13035
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.1. Description: The issue allows authenticated users to create backup copies of files with a .bak extension outside the intended scope in the same directory where they are stored. This is due to a vulnerability in t...
PT-2020-13034
Name of the Vulnerable Software and Affected Versions: Tiny File Manager version 2.4.1. Description: The issue allows authenticated users to enumerate directories and files on the filesystem outside of the application scope due to a Path Traversal vulnerability in the ajax recursive directory listin...
Tiny File Manager Code Execution Vulnerability
Tiny File Manager is a web-based open source file manager. A security vulnerability exists in Tiny File Manager versions prior to 2.3.9. An attacker can exploit this vulnerability to execute code...