Reported June 03, 2004, by GSSIT
A vulnerability in Ritlabs TinyWeb 1.92 could result in information disclosure. A hacker could use TinyWeb to download and obtain the scripts located in a Web site's cgi-bin directory by issuing a simple HTTP GET request to the Web server for the Uniform Resource Identifier (URI) /cgi-bin/./\[Script Name\].
Ritlabs has released version 1.93, which isn't vulnerable to this condition.
Discovered by GSSIT.