Embedthis

GoAhead

21 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

Exploit
  • EPSS 0.53%
  • Published 22.11.2019 19:15:12
  • Last modified 21.11.2024 04:34:23

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that...

Exploit
  • EPSS 15.52%
  • Published 20.09.2019 19:15:11
  • Last modified 21.11.2024 04:30:52

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in...

  • EPSS 0.7%
  • Published 14.06.2019 14:29:00
  • Last modified 21.11.2024 04:23:39

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.

Exploit
  • EPSS 0.15%
  • Published 18.08.2018 03:29:00
  • Last modified 21.11.2024 03:50:57

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack ...

Exploit
  • EPSS 0.42%
  • Published 18.08.2018 03:29:00
  • Last modified 21.11.2024 03:50:57

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as demonstrated by If-Modified-Since or If-Unmodified...

  • EPSS 0.28%
  • Published 03.01.2018 20:29:00
  • Last modified 21.11.2024 03:04:48

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.

Warning Exploit
  • EPSS 94.03%
  • Published 12.12.2017 19:29:00
  • Last modified 20.04.2025 01:37:25

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler fu...

Exploit
  • EPSS 0.34%
  • Published 05.09.2017 07:29:00
  • Last modified 20.04.2025 01:37:25

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request.

Exploit
  • EPSS 0.67%
  • Published 13.03.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command ...

Exploit
  • EPSS 0.81%
  • Published 13.03.2017 06:59:00
  • Last modified 20.04.2025 01:37:25

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the reque...