CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2003-1568
https://notcve.org/view.php?id=CVE-2003-1568
06 Feb 2009 — GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. GoAhead WebServer anterior a v2.1.6 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo o caída de demonio) a través de una URL invalida, relacionada con la función websSafeUrl. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#null-pointer-crash-in-webssafeurl • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0CVE-2003-1569
https://notcve.org/view.php?id=CVE-2003-1569
06 Feb 2009 — GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385. GoAhead WebServer anterior a v2.1.5 en Windows 95, 98, and ME permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP con un nombre de dispositivo en un componente de ruta 1) con, (2) nu... • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#windows-95-98-me-aux-denial-of-service • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2428
https://notcve.org/view.php?id=CVE-2002-2428
06 Feb 2009 — webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data. webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de una petición HTTP POST que contiene una cabecera Content-Length pero no datos del cuerpo. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2429
https://notcve.org/view.php?id=CVE-2002-2429
06 Feb 2009 — webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header. webs.c en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de una petición HTTP POST que contiene un entero negativo en la cabecera Content-Length. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-webs-c • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2002-2431
https://notcve.org/view.php?id=CVE-2002-2431
06 Feb 2009 — Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c. Vulnerabilidad sin especificar en GoAhead WebServer anterior a v2.1.4 permite a atacantes remotos provocar "funcionamiento incorrecto" a través de "código malicioso" desconocido, relacionado con el uso incorrecto de la función "socketInputBuffered" en sockGen.c. • http://data.goahead.com/Software/Webserver/2.1.8/release.htm#fixed-vulnerability-to-malicious-code-in-sockgen-c •
CVSS: 7.5EPSS: 5%CPEs: 7EXPL: 1CVE-2002-0680 – GoAhead Web Server 2.1.x - URL Encoded Slash Directory Traversal
https://notcve.org/view.php?id=CVE-2002-0680
12 Jul 2002 — Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228. Vulnerabilidad de atravesamiento de directorios en GoAhead Web Server 2.1 permite a atacantes remotos mediante una URL con una "/" (carácter barra) codificada (%5C) en una secuencia .. (punto punto) • https://www.exploit-db.com/exploits/21607 •
CVSS: 7.5EPSS: 5%CPEs: 5EXPL: 2CVE-2002-0681 – GoAhead Web Server 2.1.x - Error Page Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0681
12 Jul 2002 — Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script. Vulnerabilidad de secuencias de comandos en sitios cruzados (cross-site scripting) en GoAhead Web Server 2.1 permite a atacantes remotos ejecutar secuencias de comandos como otros usuarios web mediante un script en una URL que genera un mensaje "404 no encontrado", que no le pone comillas al sc... • https://www.exploit-db.com/exploits/21608 •
CVSS: 7.5EPSS: 31%CPEs: 9EXPL: 4CVE-2002-1603 – GoAhead Web Server 2.1.x - '.ASP' File Source Code Disclosure
https://notcve.org/view.php?id=CVE-2002-1603
13 Feb 2002 — GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed. • https://www.exploit-db.com/exploits/23446 •