
CVE-2017-14149
https://notcve.org/view.php?id=CVE-2017-14149
05 Sep 2017 — GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. • https://github.com/shadow4u/goaheaddebug/blob/master/README.md • CWE-476: NULL Pointer Dereference

CVE-2017-5674
https://notcve.org/view.php?id=CVE-2017-5674
13 Mar 2017 — A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP request ("GET system.ini HTTP/1.1\n\n"; note the lack of "/" in the path field of the request) that will disclose the configuration file with the login password. • https://www.cybereason.com/cve-ip-cameras • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2017-5675
https://notcve.org/view.php?id=CVE-2017-5675
13 Mar 2017 — A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an attacker to inject a command into the receiver1 field in the form; it will be executed with root privileges. • https://www.cybereason.com/cve-ip-cameras • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2014-9707 – Embedthis GoAhead Embedded Web Server Directory Traversal
https://notcve.org/view.php?id=CVE-2014-9707
28 Mar 2015 — EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (heap-based buffer overflow and crash), or possibly execute arbitrary code via a crafted URI. • https://packetstorm.news/files/id/181142 • CWE-17: DEPRECATED: Code

CVE-2014-9708 – Appweb Web Server Denial of Service
https://notcve.org/view.php?id=CVE-2014-9708
28 Mar 2015 — Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x=,". Appweb Web Server suffers from a denial of service vulnerabilit... • https://packetstorm.news/files/id/131157 • CWE-476: NULL Pointer Dereference