CVE-2026-27613

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)

TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...

CVE-2026-27613

CVE-2026-27613 affects TinyWeb (Delphi, Win32) versions prior to 2.01. An unauthenticated remote attacker can bypass CGI parameter security controls, with impact depending on configuration and CGI executable: possible source code disclosure or remote code execution. The issue is fixed in version ...

PT-2026-22037

Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 2.01 Description TinyWeb, a web server for Win32, contains a flaw where unauthenticated remote attackers can circumvent the CGI parameter security controls. This can lead to source code disclosure or remote code...

CVE-2022-50922 Audio Conversion Wizard v2.01 - Buffer Overflow

Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote cod...

EUVD-2009-0766

Malware in sbrugna...

EUVD-2012-6373

Malware in sbrugna...

EUVD-2006-4587

Malware in sbrugna...

EUVD-2000-1055

Malware in sbrugna...

CVE-2023-39853

SQL Injection vulnerability in Dzzoffice version 2.01, allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module...

CVE-2009-0764

Multiple cross-site scripting XSS vulnerabilities in Kipper 2.01 allow remote attackers to inject arbitrary web script or HTML via the charm parameter to 1 index.php and 2 kipper.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...

CVE-2024-47326

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ILLID Share This Image share-this-image allows Reflected XSS.This issue affects Share This Image: from n/a through = 2.01...

CVE-2024-29791

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01...

PT-2024-16045 · Topdata · Topdata Inner Rep Plus Webserver

Name of the Vulnerable Software and Affected Versions: Topdata Inner Rep Plus WebServer version 2.01 Description: A vulnerability was found in the Operator Details Form component of the Topdata Inner Rep Plus WebServer, affecting an unknown function of the file /InnerRepPlus.html. This issue lead...

Topdata Inner Rep Plus WebServer 加密问题漏洞

Topdata Inner Rep Plus WebServer is an application from Topdata Corporation. An encryption issue vulnerability exists in Topdata Inner Rep Plus WebServer version 2.01 that stems from the use of a risky encryption algorithm...

Topdata Inner Rep Plus WebServer 安全漏洞

Topdata Inner Rep Plus WebServer is an application from Topdata Corporation. A security vulnerability exists in Topdata Inner Rep Plus WebServer version 2.01, which stems from a missing password field mask issue...

PT-2024-32539 · Unknown · Illid Share This Image

Name of the Vulnerable Software and Affected Versions: ILLID Share This Image versions n/a through 2.01 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For...

WordPress plugin Advanced Woo Labels 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...

PT-2024-32679 · Unknown · Illid Advanced Woo Labels

Name of the Vulnerable Software and Affected Versions: ILLID Advanced Woo Labels versions n/a through 2.01 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, which occurs due to...

WordPress Share This Image plugin <= 2.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via alignment Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via alignment Parameter vulnerability discovered by Francesco Carlucci in WordPress Plugin Share This Image versions = 2.01...