Localh0T

**Name of the Vulnerable Software and Affected Versions** RIPS Scanner version 0.54 **Description** A path traversal vulnerability exists that allows remote attackers to read arbitrary files on the system with the privileges of the web server. This is achieved by sending crafted HTTP GET requests to the `/windows/code.php` script with a manipulated `file` parameter, potentially leading to disclosure of sensitive information. **Recommendations** For RIPS Scanner version 0.54, avoid using the `file` parameter in the `/windows/code.php` script. As a temporary workaround, consider restricting access to the `windows/code.php` script until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Tiny Server versions 1.1.9 and earlier **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a long string in a GET request without an HTTP version number. **Recommendations** For versions 1.1.9 and earlier, consider restricting the length of incoming GET requests to prevent the denial of service. As a temporary workaround, implement input validation to ensure all GET requests include a valid HTTP version number.