Miniweb HTTP Server
Products
4- 5 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-10047 | Cri | 0.70 | — | 0.01 | Aug 1, 2025 | An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a… | ||
| CVE-2020-29596 | Hig | 0.49 | 7.5 | 0.03 | Dec 21, 2020 | MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. | ||
| CVE-2009-4552 | 0.03 | — | 0.01 | Jan 4, 2010 | Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. | |||
| CVE-2008-6582 | 0.03 | — | 0.01 | Apr 2, 2009 | SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | |||
| CVE-2008-2197 | 0.03 | — | 0.01 | May 14, 2008 | SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php. | |||
| CVE-2008-0337 | 0.03 | — | 0.05 | Jan 17, 2008 | Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI. | |||
| CVE-2008-0338 | 0.03 | — | 0.03 | Jan 17, 2008 | Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI. | |||
| CVE-2007-3159 | 0.03 | — | 0.03 | Jun 11, 2007 | http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header. |
- risk 0.70cvss —epss 0.01
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a…
- risk 0.49cvss 7.5epss 0.03
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
- CVE-2009-4552Jan 4, 2010risk 0.03cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
- CVE-2008-6582Apr 2, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action.
- CVE-2008-2197May 14, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in the blogwriter module 2.0 for Miniweb allows remote attackers to execute arbitrary SQL commands via the historymonth parameter to index.php.
- CVE-2008-0337Jan 17, 2008risk 0.03cvss —epss 0.05
Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
- CVE-2008-0338Jan 17, 2008risk 0.03cvss —epss 0.03
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
- CVE-2007-3159Jun 11, 2007risk 0.03cvss —epss 0.03
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.