24 matches found
CVE-2026-27613
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
CVE-2026-27613 CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS and EscapeShellParam)
TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable in use, the impact i...
PT-2026-22037
Name of the Vulnerable Software and Affected Versions TinyWeb versions prior to 2.01 Description TinyWeb, a web server for Win32, contains a flaw where unauthenticated remote attackers can circumvent the CGI parameter security controls. This can lead to source code disclosure or remote code...
CVE-2022-50922 Audio Conversion Wizard v2.01 - Buffer Overflow
Audio Conversion Wizard v2.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory with a specially crafted registration code. Attackers can generate a payload that overwrites the application's memory stack, potentially enabling remote cod...
CVE-2024-47326
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ILLID Share This Image share-this-image allows Reflected XSS. This issue affects Share This Image: from n/a through 2.01...
CVE-2024-29791
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Reflected XSS. This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 2.01...
PT-2024-16045 · Topdata · Topdata Inner Rep Plus Webserver
Name of the Vulnerable Software and Affected Versions: Topdata Inner Rep Plus WebServer version 2.01 Description: A vulnerability was found in the Operator Details Form component of the Topdata Inner Rep Plus WebServer, affecting an unknown function of the file /InnerRepPlus.html. This issue lead...
Topdata Inner Rep Plus WebServer Security Vulnerability
Topdata Inner Rep Plus WebServer is an application from Topdata Corporation. A security vulnerability exists in Topdata Inner Rep Plus WebServer version 2.01, which stems from a missing password field mask issue...
Topdata Inner Rep Plus WebServer Encryption Issue Vulnerability
Topdata Inner Rep Plus WebServer is an application from Topdata Corporation. An encryption issue vulnerability exists in Topdata Inner Rep Plus WebServer version 2.01 that stems from the use of a risky encryption algorithm...
PT-2024-38807 · WordPress · Share This Image
Name of the Vulnerable Software and Affected Versions: Share This Image plugin for WordPress versions up to, and including, 2.01 Description: The issue is related to Stored Cross-Site Scripting via the alignment parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-23035 · Mad Fish Digital · Mad Fish Digital Bulk Noindex & Nofollow Toolkit
Name of the Vulnerable Software and Affected Versions: Mad Fish Digital Bulk NoIndex & NoFollow Toolkit versions through 2.01 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS...
PT-2024-12821 · Dzzoffice · Dzzoffice
Name of the Vulnerable Software and Affected Versions: Dzzoffice version 2.01 Description: The issue allows remote attackers to obtain sensitive information via the doobj and doevent parameters in the Network Disk backend module. This is a SQL Injection vulnerability. Recommendations: For Dzzoffi...
WordPress plugin BBSpoiler Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
Omron CX-One CX-Protocol
1. EXECUTIVE SUMMARY CVSS v3 6.6 ATTENTION: Low skill level to exploit Vendor: Omron Equipment: CX-Protocol within CX-One Vulnerabilities: Type Confusion 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute code under the privileges of the...
D-Link DIR-600 - Authentication Bypass
D-Link DIR-600 - Authentication Bypass Exploit Title: D-Link DIR-600 - Authentication Bypass Absolute Path Traversal Attack CVE - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12943 Date: 29-08-2017 Exploit Author: Jithin D Kurup Contact :...
Arcadem 2.01 Index.PHP Remote File Include Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25432/info Arcadem is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and the underlying...
DB[CMS] 2.0.1 - SQL Injection Vulnerability
No description provided by source. Exploit Title: DBCMS Sql Injection Vulnerability Author: Pokeng Software Link: http://www.debliteck.com/how.php Version: Ver2.01 Platform / Tested on: Win/Linux category: webapps/0day Code : http://site/article.php?id=SQL Dork : Designed and Developed by Deblite...
CMS Touch - 'pages.php?Page_ID' SQL Injection
source: https://www.securityfocus.com/bid/67377/info CMS Touch is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit...
Getsimple CMS 2.01 - changedata.php Cross-Site Scripting
Getsimple CMS 2.01 - changedata.php Cross-Site Scripting source: https://www.securityfocus.com/bid/43593/info GetSimple CMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary scri...
openMairie openCimetiere Multiple File Inclusion Vulnerabilities
openMairie openCimetiere is prone to multiple file inclusion vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...