Tiny Security Vulnerabilities

CVE-2020-12103

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are...

7.7 CVSS

7.3 AI Score

0.001 EPSS

2020-04-28 10:15 PM

CVE-2020-12102

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality. This allows authenticated users to enumerate directories and files on the filesystem (outside of the application...

7.7 CVSS

7.3 AI Score

0.002 EPSS

2020-04-28 09:15 PM

CVE-2024-21908

TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's...

6.1 CVSS

5.9 AI Score

0.002 EPSS

2024-01-03 04:15 PM

CVE-2024-21910

TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's...

6.1 CVSS

6.1 AI Score

0.004 EPSS

2024-01-03 04:15 PM

CVE-2024-21911

TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's...

6.1 CVSS

5.9 AI Score

0.004 EPSS

2024-01-03 04:15 PM

CVE-2023-48219

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo/redo functionality and other APIs and plugins. Text nodes within specific parents are not escaped upon serialization according to the HTML standard. If such text...

6.1 CVSS

5.7 AI Score

0.001 EPSS

2023-11-15 07:15 PM

CVE-2019-10012

Jenzabar JICS (aka Internet Campus Solution) before 9 allows remote attackers to upload and execute arbitrary .aspx code by placing it in a ZIP archive and using the MoxieManager (for .NET) plugin before 2.1.4 in the moxiemanager directory within the installation folder...

7.5 CVSS

7.8 AI Score

0.003 EPSS

2019-03-25 07:29 PM

CVE-2020-35884

An issue was discovered in the tiny_http crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding...

6.5 CVSS

6.2 AI Score

0.001 EPSS

2020-12-31 10:15 AM

CVE-2022-45475

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access...

6.5 CVSS

6.5 AI Score

0.003 EPSS

2022-11-25 06:15 PM

CVE-2022-45476

Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file...

9.8 CVSS

9.4 AI Score

0.003 EPSS

2022-11-25 06:15 PM

CVE-2022-23044

Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to persuade users to perform unintended actions within the application. This is possible because the application is vulnerable to...

8.8 CVSS

8.6 AI Score

0.002 EPSS

2022-11-25 05:15 PM

CVE-2023-45819

TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s Notification Manager API. The vulnerability exploits TinyMCE's unfiltered notification system, which is used in error handling. The conditions for this exploit requires carefully...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-10-19 10:15 PM

CVE-2023-45818

TinyMCE is an open source rich text editor. A mutation cross-site scripting (mXSS) vulnerability was discovered in TinyMCE’s core undo and redo functionality. When a carefully-crafted HTML snippet passes the XSS sanitisation layer, it is manipulated as a string by internal trimming functions...

6.1 CVSS

5.7 AI Score

0.001 EPSS

2023-10-19 10:15 PM

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify...

8.1 CVSS

7.9 AI Score

0.003 EPSS

2023-04-29 12:15 AM

CVE-2022-23494

tinymce is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in the alert and confirm dialogs when these dialogs were provided with malicious HTML content. This can occur in plugins that use the alert or confirm dialogs, such as in the image plugin, which...

6.1 CVSS

6 AI Score

0.002 EPSS

2022-12-08 10:15 PM

CVE-2020-7724

All versions of package tiny-conf are vulnerable to Prototype Pollution via the set...

9.8 CVSS

9.4 AI Score

0.005 EPSS

2020-09-01 10:15 AM

CVE-2022-39287

tiny-csrf is a Node.js cross site request forgery (CSRF) protection middleware. In versions prior to 1.1.0 cookies were not encrypted and thus CSRF tokens were transmitted in the clear. This issue has been addressed in commit 8eead6d and the patch will be included in version 1.1.0. Users are...

8.1 CVSS

6.5 AI Score

0.001 EPSS

2022-10-07 08:15 PM

CVE-2002-1925

Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent...

7 AI Score

0.004 EPSS

2022-10-03 04:23 PM

CVE-2001-1549

Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol...

6.8 AI Score

0.0004 EPSS

2022-10-03 04:22 PM

CVE-2019-9002

An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is...

9.8 CVSS

9.8 AI Score

0.004 EPSS

2022-10-03 04:19 PM

CVE-2022-1846

The Tiny Contact Form WordPress plugin through 0.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

4.3 CVSS

4.5 AI Score

0.001 EPSS

2022-06-27 09:15 AM

CVE-2021-27439

TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc' (incorrect calculation of effective memory allocation size). This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...

9.8 CVSS

9.5 AI Score

0.003 EPSS

2022-05-03 09:15 PM

CVE-2022-1000

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2022-03-17 11:15 AM

CVE-2021-45010

A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code...

8.8 CVSS

7.7 AI Score

0.166 EPSS

2022-03-15 12:15 PM

CVE-2021-23562

This affects the package plupload before 2.3.9. A file name containing JavaScript code could be uploaded and run. An attacker would need to trick a user to upload this kind of...

8.8 CVSS

8.5 AI Score

0.003 EPSS

2021-12-03 08:15 PM

CVE-2021-37573

A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error...

6.1 CVSS

5.9 AI Score

0.003 EPSS

2021-08-09 01:15 PM

CVE-2020-36438

An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future does not have bounds on its Send and Sync...

8.1 CVSS

7.9 AI Score

0.002 EPSS

2021-08-08 06:15 AM

CVE-2020-12648

A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing...

6.1 CVSS

5.8 AI Score

0.001 EPSS

2020-08-14 02:15 PM

CVE-2020-17480

TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parser, the paste plugin, and the visualchars plugin by using the clipboard or APIs to insert content into the...

6.1 CVSS

5.7 AI Score

0.001 EPSS

2020-08-10 08:15 PM

CVE-2011-4908

TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upload via...

9.8 CVSS

9.5 AI Score

0.642 EPSS

2020-02-12 10:15 PM

CVE-2011-4906

Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows file upload and arbitrary PHP code...

9.8 CVSS

9.7 AI Score

0.089 EPSS

2020-02-12 09:15 PM

CVE-2019-16790

In Tiny File Manager before 2.3.9, there is a remote code execution via Upload from URL and Edit/Rename files. Only authenticated users are...

8.8 CVSS

8.9 AI Score

0.005 EPSS

2019-12-30 08:15 PM

CVE-2019-1010091

tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed...

6.1 CVSS

6.3 AI Score

0.001 EPSS

2019-07-17 05:15 PM

CVE-2017-16097

tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the...

7.5 CVSS

7.4 AI Score

0.007 EPSS

2018-06-07 02:29 AM

CVE-2018-1000096

brianleroux tiny-json-http, all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a missing SSL certificate validation vulnerability in the library's core functionality that can expose the user to man-in-the-middle...

8.1 CVSS

7.6 AI Score

0.001 EPSS

2018-03-13 01:29 AM

CVE-2006-7137

Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the...

5.9 AI Score

0.002 EPSS

2007-03-07 12:19 AM

CVE-2002-0349

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access...

6.7 AI Score

0.002 EPSS

2002-06-25 04:00 AM