Total
9 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2011-4273 | 1 Goahead | 1 Goahead Webserver | 2017-08-28 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. | |||||
CVE-2009-5111 | 1 Goahead | 1 Goahead Webserver | 2011-12-28 | 5.0 MEDIUM | N/A |
GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. | |||||
CVE-2002-2427 | 1 Goahead | 1 Goahead Webserver | 2009-07-22 | 5.0 MEDIUM | N/A |
The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. | |||||
CVE-2002-2428 | 1 Goahead | 1 Goahead Webserver | 2009-07-22 | 5.0 MEDIUM | N/A |
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. | |||||
CVE-2002-2431 | 1 Goahead | 1 Goahead Webserver | 2009-02-08 | 7.5 HIGH | N/A |
Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. | |||||
CVE-2003-1568 | 2 Goahead, Goahead Software | 2 Goahead Webserver, Goahead Webserver | 2009-02-08 | 5.0 MEDIUM | N/A |
GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. | |||||
CVE-2003-1569 | 2 Goahead, Microsoft | 4 Goahead Webserver, Windows 95, Windows 98 and 1 more | 2009-02-08 | 5.0 MEDIUM | N/A |
GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. | |||||
CVE-2002-2430 | 1 Goahead | 1 Goahead Webserver | 2009-02-06 | 5.0 MEDIUM | N/A |
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. | |||||
CVE-2002-2429 | 1 Goahead | 1 Goahead Webserver | 2009-02-06 | 5.0 MEDIUM | N/A |
webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. |