CVE-2017-16097
https://notcve.org/view.php?id=CVE-2017-16097
tiny-http is a simple HTTP server. tiny-http is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL. • https://github.com/JacksonGL/NPM-Vuln-PoC/blob/master/directory-traversal/tiny- https://nodesecurity.io/advisories/342 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2018-1000096
https://notcve.org/view.php?id=CVE-2018-1000096
brianleroux tiny-json-http, in all versions since commit 9b8e74a232bba4701844e07bcba794173b0238a8 (Oct 29 2016), contains a missing SSL certificate validation vulnerability that affects the library's core functionality and exposes the user to man-in-the-middle attacks. • https://github.com/ossf-cve-benchmark/CVE-2018-1000096 https://github.com/brianleroux/tiny-json-http/pull/15 • CWE-295: Improper Certificate Validation •
CVE-2006-7137
https://notcve.org/view.php?id=CVE-2006-7137
Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox. • http://www.securityfocus.com/archive/1/442308/100/0/threaded http://www.securityfocus.com/archive/1/462018/100/0/threaded http://www.securityfocus.com/bid/19357 •
CVE-2002-1925
https://notcve.org/view.php?id=CVE-2002-1925
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal Firewall Agent module. • http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00298.html http://www.iss.net/security_center/static/9918.php http://www.securityfocus.com/bid/5525 •
CVE-2002-0349
https://notcve.org/view.php?id=CVE-2002-0349
Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to hide activities or bypass access restrictions. • http://marc.info/?l=bugtraq&m=101494587110288&w=2 http://www.iss.net/security_center/static/8324.php http://www.securityfocus.com/bid/4207 •