Goahead
Products
4- 19 CVEs
- 8 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
20| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-5675 | Hig | 0.57 | 8.8 | 0.02 | Mar 13, 2017 | A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in… | ||
| CVE-2017-14149 | Hig | 0.49 | 7.5 | 0.06 | Sep 5, 2017 | GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | ||
| CVE-2024-3184 | Med | 0.38 | 5.9 | 0.00 | Oct 17, 2024 | Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending… | ||
| CVE-2002-0681 | 0.04 | — | 0.08 | Jul 23, 2002 | Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. | |||
| CVE-2002-1603 | 0.04 | — | 0.14 | Feb 13, 2002 | GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. | |||
| CVE-2001-0385 | 0.04 | — | 0.08 | Jul 2, 2001 | GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. | |||
| CVE-2011-4273 | 0.03 | — | 0.05 | Nov 3, 2011 | Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to… | |||
| CVE-2007-6702 | 0.03 | — | 0.03 | Mar 4, 2008 | goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. | |||
| CVE-2002-1951 | 0.03 | — | 0.06 | Dec 31, 2002 | Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. | |||
| CVE-2002-0680 | 0.03 | — | 0.03 | Jul 23, 2002 | Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a… | |||
| CVE-2001-0228 | 0.03 | — | 0.04 | May 3, 2001 | Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. | |||
| CVE-2021-41615 | 0.00 | — | 0.01 | Aug 8, 2022 | websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617… | |||
| CVE-2009-5111 | 0.00 | — | 0.01 | Dec 27, 2011 | GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||
| CVE-2003-1569 | 0.00 | — | 0.01 | Feb 6, 2009 | GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | |||
| CVE-2003-1568 | 0.00 | — | 0.02 | Feb 6, 2009 | GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. | |||
| CVE-2002-2431 | 0.00 | — | 0.01 | Feb 6, 2009 | Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. | |||
| CVE-2002-2430 | 0.00 | — | 0.01 | Feb 6, 2009 | GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. | |||
| CVE-2002-2429 | 0.00 | — | 0.01 | Feb 6, 2009 | webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. | |||
| CVE-2002-2428 | 0.00 | — | 0.02 | Feb 6, 2009 | webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. | |||
| CVE-2002-2427 | 0.00 | — | 0.01 | Feb 6, 2009 | The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. |
- risk 0.57cvss 8.8epss 0.02
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in…
- risk 0.49cvss 7.5epss 0.06
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
- risk 0.38cvss 5.9epss 0.00
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending…
- CVE-2002-0681Jul 23, 2002risk 0.04cvss —epss 0.08
Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.
- CVE-2002-1603Feb 13, 2002risk 0.04cvss —epss 0.14
GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.
- CVE-2001-0385Jul 2, 2001risk 0.04cvss —epss 0.08
GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
- CVE-2011-4273Nov 3, 2011risk 0.03cvss —epss 0.05
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to…
- CVE-2007-6702Mar 4, 2008risk 0.03cvss —epss 0.03
goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.
- CVE-2002-1951Dec 31, 2002risk 0.03cvss —epss 0.06
Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.
- CVE-2002-0680Jul 23, 2002risk 0.03cvss —epss 0.03
Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a…
- CVE-2001-0228May 3, 2001risk 0.03cvss —epss 0.04
Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.
- CVE-2021-41615Aug 8, 2022risk 0.00cvss —epss 0.01
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617…
- CVE-2009-5111Dec 27, 2011risk 0.00cvss —epss 0.01
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.
- CVE-2003-1569Feb 6, 2009risk 0.00cvss —epss 0.01
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
- CVE-2003-1568Feb 6, 2009risk 0.00cvss —epss 0.02
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
- CVE-2002-2431Feb 6, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
- CVE-2002-2430Feb 6, 2009risk 0.00cvss —epss 0.01
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
- CVE-2002-2429Feb 6, 2009risk 0.00cvss —epss 0.01
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
- CVE-2002-2428Feb 6, 2009risk 0.00cvss —epss 0.02
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
- CVE-2002-2427Feb 6, 2009risk 0.00cvss —epss 0.01
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.