VYPR

Goahead Webserver

by Goahead

Source repositories

CVEs (19)

  • CVE-2017-5675HigMar 13, 2017
    risk 0.57cvss 8.8epss 0.02

    A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in…

  • CVE-2024-3184MedOct 17, 2024
    risk 0.38cvss 5.9epss 0.00

    Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending…

  • CVE-2002-0681Jul 23, 2002
    risk 0.04cvss epss 0.08

    Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.

  • CVE-2002-1603Feb 13, 2002
    risk 0.04cvss epss 0.14

    GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

  • CVE-2001-0385Jul 2, 2001
    risk 0.04cvss epss 0.08

    GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

  • CVE-2011-4273Nov 3, 2011
    risk 0.03cvss epss 0.05

    Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to…

  • CVE-2007-6702Mar 4, 2008
    risk 0.03cvss epss 0.03

    goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.

  • CVE-2002-1951Dec 31, 2002
    risk 0.03cvss epss 0.06

    Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.

  • CVE-2002-0680Jul 23, 2002
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a…

  • CVE-2001-0228May 3, 2001
    risk 0.03cvss epss 0.04

    Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.

  • CVE-2021-41615Aug 8, 2022
    risk 0.00cvss epss 0.01

    websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617…

  • CVE-2009-5111Dec 27, 2011
    risk 0.00cvss epss 0.01

    GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

  • CVE-2003-1569Feb 6, 2009
    risk 0.00cvss epss 0.01

    GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.

  • CVE-2003-1568Feb 6, 2009
    risk 0.00cvss epss 0.02

    GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.

  • CVE-2002-2431Feb 6, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.

  • CVE-2002-2430Feb 6, 2009
    risk 0.00cvss epss 0.01

    GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.

  • CVE-2002-2429Feb 6, 2009
    risk 0.00cvss epss 0.01

    webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.

  • CVE-2002-2428Feb 6, 2009
    risk 0.00cvss epss 0.02

    webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.

  • CVE-2002-2427Feb 6, 2009
    risk 0.00cvss epss 0.01

    The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.