DMCERTCE

4 exploits, active since May 2024
CVE-2024-34199 WRITEUP HIGH WORKING POC
TinyWeb <1.94 - DoS
TinyWeb 1.94 and below allows unauthenticated remote attackers to cause a denial of service (Buffer Overflow) when sending excessively large elements in the request line.
CVSS 8.6
CVE-2024-36426 WRITEUP HIGH WRITEUP
TARGIT Decision Suite <23.2.15007.0 - Info Disclosure
In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session.
CVSS 7.5
CVE-2024-5193 WRITEUP MEDIUM WRITEUP
Ritlabs TinyWeb Server <1.99 - CRLF Injection
A security vulnerability has been detected in Ritlabs TinyWeb Server 1.94. This vulnerability affects unknown code of the component Request Handler. Manipulation with the input %0D%0A leads to CRLF injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 1.99 resolves this issue. The identifier of the patch is d49c3da6a97e950975b18626878f3ee1f082358e. It is suggested to upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-1207 WRITEUP LOW WORKING POC
phjounin TFTPD64 4.64 - DoS
A vulnerability was found in phjounin TFTPD64 4.64. It has been declared as problematic. This vulnerability affects unknown code of the component DNS Handler. The manipulation leads to denial of service. The attack must be carried out from within the local network. The complexity of an attack is rather high, and exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
CVSS 3.1