Product
embedthis goahead
27 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2021-41615
all versions
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceupona
9.8
CRITICAL
CVE-2021-43298
< 5.1.4
The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rat
9.8
CRITICAL
CVE-2021-42342
>= 4.0.0 and <= 4.1.3
An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. In the file upload filter, user form variables can be passed to CGI s
9.8
CRITICAL
CVE-2020-15688
< 5.1.2
The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. This all
8.8
HIGH
CVE-2019-5097
all versions
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server applica
7.5
HIGH
CVE-2019-5096
all versions
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web
9.8
CRITICAL
CVE-2019-19240
< 5.0.1
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a stati
5.3
MEDIUM
CVE-2019-16645
all versions
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links
8.6
HIGH
CVE-2019-12822
< 4.1.1
In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of
7.5
HIGH
CVE-2017-18377
all versions
An issue was discovered on Wireless IP Camera (P2P) WIFICAM cameras. There is Command Injection in the set_ftp.cgi script via shel
9.8
CRITICAL
CVE-2018-15505
< 4.0.1
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "
7.5
HIGH
CVE-2018-15504
< 4.0.1
An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields
7.5
HIGH
CVE-2017-1000471
all versions
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corru
9.8
CRITICAL
CVE-2017-17562
< 3.6.5
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a r
8.1
HIGH
CVE-2017-14149
all versions
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST
7.5
HIGH
CVE-2017-5675
all versions
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and m
8.8
HIGH
CVE-2017-5674
all versions
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an
9.8
CRITICAL
CVE-2014-9707
all versions
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attacker
CVE-2009-5111
all versions
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated
CVE-2011-4273
all versions
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web scrip
CVE-2003-1569
<= 2.1.4
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via a
CVE-2003-1568
all versions
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) vi
CVE-2002-2431
<= 2.1.3
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "mal
CVE-2002-2430
<= 2.1
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disco
CVE-2002-2429
<= 2.1.3
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST requ
CVE-2002-2428
<= 2.1.3
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon
CVE-2002-2427
<= 2.1
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to prote
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin