Skip to main content

Goahead

13 CVEs product

Monthly

CVE-2021-42342 CRITICAL Act Now

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Goahead
NVD GitHub
CVSS 3.1
9.8
EPSS
59.5%
CVE-2020-15688 HIGH POC This Week

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goahead
NVD GitHub
CVSS 3.1
8.8
EPSS
4.0%
CVE-2019-5097 HIGH POC THREAT This Week

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Goahead
NVD
CVSS 3.1
7.5
EPSS
45.1%
CVE-2019-5096 CRITICAL POC THREAT Act Now

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption Goahead
NVD
CVSS 3.1
9.8
EPSS
67.0%
CVE-2019-19240 MEDIUM POC This Month

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Goahead
NVD GitHub
CVSS 3.1
5.3
EPSS
1.5%
CVE-2019-16645 HIGH POC This Week

An issue was discovered in Embedthis GoAhead 2.5.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Goahead
NVD GitHub Exploit-DB
CVSS 3.1
8.6
EPSS
8.2%
CVE-2019-12822 HIGH PATCH This Week

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Goahead
NVD GitHub
CVSS 3.0
7.5
EPSS
8.8%
CVE-2018-15505 HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb Goahead Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
2.2%
CVE-2018-15504 HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb Goahead Junos
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2017-14149 HIGH POC This Week

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Goahead
NVD GitHub
CVSS 3.0
7.5
EPSS
0.3%
CVE-2017-5675 HIGH POC This Week

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goahead
NVD
CVSS 3.0
8.8
EPSS
0.7%
CVE-2017-5674 CRITICAL POC Act Now

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" -. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Goahead
NVD
CVSS 3.0
9.8
EPSS
0.8%
CVE-2014-9707 HIGH POC THREAT Act Now

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 60.6%.

Path Traversal Denial Of Service RCE Buffer Overflow Goahead
NVD GitHub
CVSS 2.0
7.5
EPSS
60.6%
Threat
4.8
EPSS 59% CVSS 9.8
CRITICAL Act Now

An issue was discovered in GoAhead 4.x and 5.x before 5.1.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Goahead
NVD GitHub
EPSS 4% CVSS 8.8
HIGH POC This Week

The HTTP Digest Authentication in the GoAhead web server before 5.1.2 does not completely protect against replay attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Goahead
NVD GitHub
EPSS 45% CVSS 7.5
HIGH POC THREAT This Week

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Goahead
NVD
EPSS 67% CVSS 9.8
CRITICAL POC THREAT Act Now

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free RCE Memory Corruption +1
NVD
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Memory Corruption Goahead
NVD GitHub
EPSS 8% CVSS 8.6
HIGH POC This Week

An issue was discovered in Embedthis GoAhead 2.5.0. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Goahead
NVD GitHub Exploit-DB
EPSS 9% CVSS 7.5
HIGH PATCH This Week

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Goahead
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb +2
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Appweb +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Goahead
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Goahead
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" -. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Goahead
NVD
EPSS 61% 4.8 CVSS 7.5
HIGH POC THREAT Act Now

EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 60.6%.

Path Traversal Denial Of Service RCE +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy