1026 matches found
Design/Logic Flaw
Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener attack...
CVE-2017-1000035
CVE-2017-1000035 affects Tiny Tiny RSS prior to 829d478f, where an XSS window.opener vulnerability exists. The root cause is a cross-site scripting flaw in the application’s handling of window.opener context, potentially allowing script injection in affected sessions. Referenced patch/commit 829d...
Directory Traversal
Overview: Affected versions of tiny-http resolve relative file paths, resulting in a directory traversal vulnerability. A malicious actor can use this vulnerability to access files outside of the intended directory root, which may result in the disclosure of private files on the vulnerable system...
Cross-Site Request Forgery Vulnerability in TinyShop
TinyShop is an e-commerce online store system based on the Tiny framework, suitable for businesses and individuals to quickly build a personalized online store. TinyShop is vulnerable to cross-site request forgery. As the program fails to filter user input, an attacker can exploit the...
Multiple Cross-Site Scripting Vulnerabilities in WordPress Plugin tiny-bootstrap-elements-light
WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. Multiple cross-site scripting vulnerabilities exist in the WordPress plugin tiny-bootstrap-elements-light. The program fails to filter user-supplied input, allowing...
Tiny Tiny RSS SQL Injection Vulnerability
A blind injection vulnerability exists in $itemid in Tiny Tiny RSS processcategoryorder. An attacker is able to connect to the library database and execute database statements...
Tiny Dino World - Customized SSL, Dangerous filesystem permissions, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Dino World published at the 'play' market has multiple vulnerabilities...
Tiny Dice Dungeon - Customized SSL, Dangerous filesystem permissions, WebView SSL handling enabled vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Dice Dungeon published at the 'play' market has multiple vulnerabilities...
Tiny Piano - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Piano published at the 'play' market has multiple vulnerabilities...
Tiny Piano - Customized SSL, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Piano published at the 'play' market has multiple vulnerabilities...
My Tiny Pet - Customized SSL, Exported ContentProvider, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application My Tiny Pet published at the 'play' market has multiple vulnerabilities...
Tiny Spy - Base64 encoded String, Customized SSL, Exported ContentProvider vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Spy published at the 'play' market has multiple vulnerabilities...
Tiny Miner - Dangerous filesystem permissions, MIT license, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Miner published at the 'play' market has multiple vulnerabilities...
Tiny Troopers 2: Special Ops - Base64 encoded String, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Troopers 2: Special Ops published at the 'play' market has multiple vulnerabilities...
Tiny Fax - Send Fax from Phone - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Fax - Send Fax from Phone published at the 'play' market has multiple vulnerabilities...
Tiny Scanner - PDF Scanner App - Apache license, BSD license, Customized SSL vulnerabilities
HackApp vulnerability scanner discovered that application Tiny Scanner - PDF Scanner App published at the 'play' market has multiple vulnerabilities...
Tiny Tiny RSS - Blind SQL Injection
Exploit for PHP platform in category web applications. Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description...
Tiny Tiny RSS Blind SQL Injection
Exploit Title: Tiny Tiny RSS Blind SQL Injection Date: 15-02-2016 Software Link: http://tt-rss.org/ Exploit Author: Kacper Szurek Contact: http://twitter.com/KacperSzurek Website: http://security.szurek.pl/ Category: webapps 1. Description $itemid inside processcategoryorder is not properly...