EUVD-2026-9972
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables HTTP. The parser did not strictly reject dangerous control characters in header lines and header values, including CR, L...
CVE-2026-28497 TinyWeb: Integer Overflow in `_Val` (HTTP Request Smuggling)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine Val allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request Smuggling. This can le...
EUVD-2026-8765
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large Content-Length header e.g.,...
CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
PT-2026-22039
Name of the Vulnerable Software and Affected Versions: TinyWeb versions prior to 2.02. Description: TinyWeb is a web server written in Delphi for Win32. Versions prior to 2.02 are susceptible to a Denial of Service (DoS) condition caused by memory exhaustion. An unauthenticated remote attacker can sen...
CVE-2026-22781
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
TinyWeb Server operating system command injection vulnerability
TinyWeb Server is a web server by Maxim Masiutin, an individual developer. An operating system command injection vulnerability exists in versions of TinyWeb Server prior to 1.98. It stems from passing commands via CGI ISINDEX-style query parameters, which could lead to an OS command injection...
EUVD-2024-46436
Malicious code in bioql PyPI...
CVE-2024-5193
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to CRLF injection. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2024-5193 Ritlabs TinyWeb Server Request crlf injection
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. The manipulation with the input %0D%0A leads to CRLF injection. It is possible to initiate the attack remotely. The exploit has been disclosed...
CVE-2024-5193
CVE-2024-5193 affects Ritlabs TinyWeb Server 1.94. The vulnerability arises in the Request Handler where crafting input containing %0D%0A enables CRLF injection. It can be exploited remotely, and public disclosures exist. Upgrading to TinyWeb Server 1.99 mitigates the issue; the patch identifier ...
Ritlabs TinyWeb Server security vulnerability
Ritlabs TinyWeb Server is a small but full-featured Web server from Ritlabs. A security vulnerability exists in Ritlabs TinyWeb Server version 1.94, which stems from the fact that incorrect manipulation of the input %0D%0A can lead to CRLF injection...
Rit Research Labs TinyWeb 1.9.2 Unauthorized Script Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will all...
[EXPL] TinyWeb Server DoS Exploit
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web...
Rit Research Labs TinyWeb 1.9.2 - Unauthorized Script Disclosure
source: https://www.securityfocus.com/bid/10445/info TinyWeb Server is affected by an unauthorized script disclosure vulnerability. This issue is due to an input validation error that allows malicious users to bypass standard web server rules. This issue will allow an attacker to download or view...
TinyWeb cgi-bin Crafted HTTP GET Request DoS
According to its banner, the remote version of TinyWeb has a denial of service vulnerability. Issuing a specially crafted GET request similar to: GET /cgi-bin/.%00./dddd.html can cause the server to consume large amounts of CPU time. Changes by Tenable: - Revised plugin title, output formatting,...