Rit Research Labs
Products (2)
- 7 CVEs
- 2 CVEs
Recent CVEs (9)

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2636 | | | 0.03 | — | 0.03 | | Dec 31, 2004 | TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. |
| CVE-2026-29046 | | | 0.00 | — | 0.00 | | Mar 6, 2026 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables (HTTP_*). The parser did not strictly reject dangerous control characters in header lines and header… |
| CVE-2026-28497 | | | 0.00 | — | 0.00 | | Mar 6, 2026 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request… |
| CVE-2026-27633 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large… |
| CVE-2026-27630 | | | 0.00 | — | 0.00 | | Feb 25, 2026 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit… |
| CVE-2026-27613 | | | 0.00 | — | 0.01 | | Feb 25, 2026 | TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable… |
| CVE-2003-1133 | | | 0.00 | — | 0.00 | | Dec 31, 2003 | Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages. |
| CVE-2003-1510 | | | 0.00 | — | 0.02 | | Dec 31, 2003 | TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory. |
| CVE-2001-0676 | | | 0.00 | — | 0.01 | | Sep 20, 2001 | Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment. |