5 matches found
CVE-2026-22781 TinyWeb CGI Command Injection
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
CVE-2026-22781 TinyWeb CGI Command Injection
TinyWeb is a web server HTTP, HTTPS written in Delphi for Win32. TinyWeb HTTP Server before version 1.98 is vulnerable to OS command injection via CGI ISINDEX-style query parameters. The query parameters are passed as command-line arguments to the CGI executable via Windows CreateProcess. An...
TinyWeb Server 操作系统命令注入漏洞
TinyWeb Server is a web server by Maxim Masiutin, an individual developer. An operating system command injection vulnerability exists in versions of TinyWeb Server prior to 1.98, which stems from passing commands via CGI ISINDEX style query parameters, which could lead to an OS command injection...
Ralf S. Engelschall ePerl 2.2.12 - Handling of ISINDEX Query
Ralf S. Engelschall ePerl 2.2.12 - Handling of ISINDEX Query source: https://www.securityfocus.com/bid/151/info A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitra...
Ralf S. Engelschall ePerl 2.2.12 - Handling of ISINDEX Query
source: https://www.securityfocus.com/bid/151/info A bug exists in ePerl's handling of the ISINDEX queries. When ISINDEX is used, the query is passed on the command line by the web server. This would allow an attacker to execute arbitrary code via the ePerl interpreter, with none of the...