Vulnerabilities (CVE)

Filtered by vendor Goahead Subscribe
Total 10 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2003-1569 2 Goahead, Microsoft 4 Goahead Webserver, Windows 95, Windows 98 and 1 more 2024-11-20 5.0 MEDIUM N/A
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.
CVE-2003-1568 2 Goahead, Goahead Software 2 Goahead Webserver, Goahead Webserver 2024-11-20 5.0 MEDIUM N/A
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.
CVE-2002-2431 1 Goahead 1 Goahead Webserver 2024-11-20 7.5 HIGH N/A
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.
CVE-2002-2430 1 Goahead 1 Goahead Webserver 2024-11-20 5.0 MEDIUM N/A
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.
CVE-2002-2429 1 Goahead 1 Goahead Webserver 2024-11-20 5.0 MEDIUM N/A
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.
CVE-2002-2428 1 Goahead 1 Goahead Webserver 2024-11-20 5.0 MEDIUM N/A
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.
CVE-2002-2427 1 Goahead 1 Goahead Webserver 2024-11-20 5.0 MEDIUM N/A
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.
CVE-2017-18377 1 Goahead 2 Wireless Ip Camera Wificam, Wireless Ip Camera Wificam Firmware 2024-02-28 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shell metacharacters in the pwd variable, as demonstrated by a set_ftp.cgi?svr=192.168.1.1&port=21&user=ftp URI.
CVE-2011-4273 1 Goahead 1 Goahead Webserver 2024-02-28 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.
CVE-2009-5111 1 Goahead 1 Goahead Webserver 2024-02-28 5.0 MEDIUM N/A
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.