IDCVSSSummaryLast (major) updatePublished
CVE-2018-15505 5.0
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack
17-08-2018 - 23:29 17-08-2018 - 23:29
CVE-2018-15504 5.0
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified
17-08-2018 - 23:29 17-08-2018 - 23:29
CVE-2017-1000471 7.5
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
03-01-2018 - 15:29 03-01-2018 - 15:29
CVE-2017-1000470 5.0
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
03-01-2018 - 15:29 03-01-2018 - 15:29
CVE-2017-17562 6.8
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler fu
12-12-2017 - 14:29 12-12-2017 - 14:29
CVE-2017-14149 5.0
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.
05-09-2017 - 03:29 05-09-2017 - 03:29
CVE-2017-5674 5.0
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the reque
15-03-2017 - 14:43 13-03-2017 - 02:59
CVE-2017-5675 9.0
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command
15-03-2017 - 13:11 13-03-2017 - 02:59
CVE-2014-9707 7.5
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly
01-04-2016 - 14:36 31-03-2015 - 10:59
Back to Top Mark selected
Back to Top