VYPR
Vendor: Rit Research Labs

Products: 2
CVEs: 9
Across products: 9
Status: Private

Recent CVEs (9)

  • CVE-2004-2636, Dec 31, 2004
    risk 0.03 cvss epss 0.03

    TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.

  • CVE-2026-29046, Mar 6, 2026
    risk 0.00 cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.04, TinyWeb accepts request header values and later maps them into CGI environment variables (HTTP_*). The parser did not strictly reject dangerous control characters in header lines and header…

  • CVE-2026-28497, Mar 6, 2026
    risk 0.00 cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Prior to version 2.03, an integer overflow vulnerability in the string-to-integer conversion routine (_Val) allows an unauthenticated remote attacker to bypass Content-Length restrictions and perform HTTP Request…

  • CVE-2026-27633, Feb 25, 2026
    risk 0.00 cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 have a Denial of Service (DoS) vulnerability via memory exhaustion. Unauthenticated remote attackers can send an HTTP POST request to the server with an exceptionally large…

  • CVE-2026-27630, Feb 25, 2026
    risk 0.00 cvss epss 0.00

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. Versions prior to version 2.02 are vulnerable to a Denial of Service (DoS) attack known as Slowloris. The server spawns a new OS thread for every incoming connection without enforcing a maximum concurrency limit…

  • CVE-2026-27613, Feb 25, 2026
    risk 0.00 cvss epss 0.01

    TinyWeb is a web server (HTTP, HTTPS) written in Delphi for Win32. A vulnerability in versions prior to 2.01 allows unauthenticated remote attackers to bypass the web server's CGI parameter security controls. Depending on the server configuration and the specific CGI executable…

  • CVE-2003-1133, Dec 31, 2003
    risk 0.00 cvss epss 0.00

    Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users' email messages.

  • CVE-2003-1510, Dec 31, 2003
    risk 0.00 cvss epss 0.02

    TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU consumption) via a ".%00." in an HTTP GET request to the cgi-bin directory.

  • CVE-2001-0676, Sep 20, 2001
    risk 0.00 cvss epss 0.01

    Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.