CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-9002
https://notcve.org/view.php?id=CVE-2019-9002
22 Feb 2019 — An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config-setup.php allows remote attackers to execute arbitrary PHP code via the database_host parameter if the installer remains present in its original directory after installation is completed. Se ha descubierto un problema en Tiny Issue 1.3.1 y pixeline Bugs hasta la versión 1.3.2c. install/config-setup.php permite que los atacantes remotos ejecuten código PHP arbitrario mediante el parámetro database_host si el instalad... • https://github.com/mikelbring/tinyissue/issues/237 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-16097
https://notcve.org/view.php?id=CVE-2017-16097
07 Jun 2018 — tiny-http is a simple http server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. "tiny-http" es un servidor http sencillo. "tiny-http" es vulnerable a un problema de salto de directorio que otorga a un atacante acceso al sistema de archivos colocando "../" en la URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny- • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-1000096
https://notcve.org/view.php?id=CVE-2018-1000096
13 Mar 2018 — brianleroux tiny-json-http version all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016) contains a Missing SSL certificate validation vulnerability in The libraries core functionality is affected. that can result in Exposes the user to man-in-the-middle attacks. brianleroux tiny-json-http, en todas las versiones desde el commit con ID 9b8e74a232bba4701844e07bcba794173b0238a8 (29 de octubre de 2016), contiene una vulnerabilidad de falta de certificado SSL que afecta a la funcional... • https://github.com/ossf-cve-benchmark/CVE-2018-1000096 • CWE-295: Improper Certificate Validation •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2006-7137
https://notcve.org/view.php?id=CVE-2006-7137
07 Mar 2007 — Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en TinyPortal anterior a 0.8.6 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante shoutbox. • http://www.securityfocus.com/archive/1/442308/100/0/threaded •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2002-1925
https://notcve.org/view.php?id=CVE-2002-1925
31 Dec 2002 — Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. • http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00298.html •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2002-0349
https://notcve.org/view.php?id=CVE-2002-0349
03 May 2002 — Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions. • http://marc.info/?l=bugtraq&m=101494587110288&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 2CVE-2001-1549 – ZoneAlarm Pro 1.0/2.x - Outbound Packet Bypass
https://notcve.org/view.php?id=CVE-2001-1549
31 Dec 2001 — Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters. • https://www.exploit-db.com/exploits/21169 •