510 matches found
EmbedThis GoAhead 跨站脚本漏洞
EmbedThis GoAhead is an embedded web server software from EmbedThis, Inc. A cross-site scripting vulnerability exists in EmbedThis GoAhead version 2.5, which stems from HTML injection of the name parameter...
CVE-2023-53155
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...
PT-2025-30896 · Embedthis · Goahead
Name of the Vulnerable Software and Affected Versions: EmbedThis GoAhead version 2.5 Description: The software contains a flaw that allows for HTML injection through the name parameter in the goform/formTest component. Recommendations: At the moment, there is no information about a newer version...
D-Link DIR-816 A2 Code Execution Vulnerability
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...
CVE-2025-45931
An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...
CVE-2025-45931
An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...
PT-2025-27456 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816-A2 version DIR-816A2 FWv1.10CNB05 R1B011D88210 Description: An issue in the D-Link DIR-816-A2 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file. This enables the attacker to run...
D-Link DIR-816 A2 安全漏洞
The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...
CVE-2025-45931
An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...
CVE-2024-3187
This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...
CVE-2024-3184
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the MEGOAHEADREPLACEMALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests,...
CVE-2024-3186
CWE-476 NULL Pointer Dereference vulnerability in the evalExpr function of GoAhead Web Server version = 6.0.0 when compiled with the MEGOAHEADJAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template JST files to trigger a crash and cause a...
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...
CVE-2019-19240
Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...
CVE-2019-15311
An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command...
CVE-2017-14149
GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request...
CVE-2019-5097
A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...
CVE-2017-1000471
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...
CVE-2017-1000470
EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service...
CVE-2002-2430
GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service CPU consumption by performing a socket disconnect to terminate a request before it has been fully processed by the server...