CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2009-5111
https://notcve.org/view.php?id=CVE-2009-5111
27 Dec 2011 — GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris. GoAhead WebServer permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP parcial, tal como se ha demostrado por Slowloris. • http://ha.ckers.org/slowloris • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 2%CPEs: 1EXPL: 4CVE-2011-4273 – GoAhead Web Server 2.18 - 'addgroup.asp?group' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2011-4273
03 Nov 2011 — Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados (XSS) en GoAhead Webserver v2.18 permite a at... • https://www.exploit-db.com/exploits/36217 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1568
https://notcve.org/view.php?id=CVE-2003-1568
06 Feb 2009 — GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. GoAhead WebServer anterior a v2.1.6 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo o caída de demonio) a través de una URL invalida, relacionada con la función websSafeUrl. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-1569
https://notcve.org/view.php?id=CVE-2003-1569
06 Feb 2009 — GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer anterior a v2.1.5 en Windows 95, 98, and ME permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP con un nombre de dispositivo en un componente de ruta 1) con, (2) nu... • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service • CWE-20: Improper Input Validation •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2427
https://notcve.org/view.php?id=CVE-2002-2427
06 Feb 2009 — The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603. The security handler en GoAhead WebServer anterior a v2.1.1 permite a atacantes remotos evitar la autenticación y obtener aaceso a contenido web protegido a través de "un caracter extra en una URL", una vulnerabilidad diferente a CVE-2002-1603. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#security-features-can-be-bypassed-by-adding-an-extra-slash-in-the-url-bug01518 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2428
https://notcve.org/view.php?id=CVE-2002-2428
06 Feb 2009 — webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de una petición HTTP POST que contiene una cabecera Content-Length pero no datos del cuerpo. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2429
https://notcve.org/view.php?id=CVE-2002-2429
06 Feb 2009 — webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP POST que contiene un entero negativo en la cabecera Content-Length. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2430
https://notcve.org/view.php?id=CVE-2002-2430
06 Feb 2009 — GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server. GoAhead WebServer anterior a v2.1.1 permite a actacantes remotos provocar una denegación de servicio (consumo de CPU)implicando una desconexión de socket que finalizará una petición antes de que ésta haya sido totalmente procesada por el servidor. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#cpu-utilization-hangs-at-100-on-a-socket-disconnect-bug01865 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2431
https://notcve.org/view.php?id=CVE-2002-2431
06 Feb 2009 — Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. Vulnerabilidad sin especificar en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar "funcionamiento incorrecto" a través de "código malicioso" desconocido, relacionado con el uso incorrecto de la función "socketInputBuffered" en sockGen.c. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 1CVE-2007-6702 – FS4104-AW VDSL Device (Rooter) - GoAhead WebServer Disclosure
https://notcve.org/view.php?id=CVE-2007-6702
04 Mar 2008 — goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603. goform/QuickStart_c0 sobre GoAhead Web Server en el dispositivo VDSL FS4104-AW (también conocido como rooter), permite la lectura del password del campo typepassword a través del código HTML. Vulnerabilidad distinta a CVE-2002-1603. • https://www.exploit-db.com/exploits/4744 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •