Lucene search
+L

510 matches found

CNNVD
CNNVD
added 2025/07/25 12:0 a.m.6 views

EmbedThis GoAhead 跨站脚本漏洞

EmbedThis GoAhead is an embedded web server software from EmbedThis, Inc. A cross-site scripting vulnerability exists in EmbedThis GoAhead version 2.5, which stems from HTML injection of the name parameter...

7.2CVSS6.2AI score0.00524EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/07/25 12:0 a.m.13 views

CVE-2023-53155

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...

7.2CVSS0.00524EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/25 12:0 a.m.5 views

PT-2025-30896 · Embedthis · Goahead

Name of the Vulnerable Software and Affected Versions: EmbedThis GoAhead version 2.5 Description: The software contains a flaw that allows for HTML injection through the name parameter in the goform/formTest component. Recommendations: At the moment, there is no information about a newer version...

7.2CVSS6.3AI score0.00524EPSS
Exploits0References4
CNVD
CNVD
added 2025/07/04 12:0 a.m.4 views

D-Link DIR-816 A2 Code Execution Vulnerability

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...

9.8CVSS8.5AI score0.00891EPSS
Exploits1References1
OSV
OSV
added 2025/06/30 5:15 p.m.5 views

CVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...

9.8CVSS6.2AI score0.00891EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2025/06/30 5:15 p.m.3 views

CVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...

9.8CVSS7.6AI score0.00891EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/06/30 12:0 a.m.9 views

PT-2025-27456 · D Link · D-Link Dir-816 A2

Name of the Vulnerable Software and Affected Versions: D-Link DIR-816-A2 version DIR-816A2 FWv1.10CNB05 R1B011D88210 Description: An issue in the D-Link DIR-816-A2 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file. This enables the attacker to run...

9.8CVSS8.2AI score0.00891EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/06/30 12:0 a.m.5 views

D-Link DIR-816 A2 安全漏洞

The D-Link DIR-816 A2 is a wireless router from China's AUO D-Link. The D-Link DIR-816 A2 suffers from a code execution vulnerability that originates from an unverified system function in the bin/goahead file, which can be exploited by an attacker to cause remote code execution...

9.8CVSS8.4AI score0.00891EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/30 12:0 a.m.23 views

CVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...

0.00891EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:46 a.m.10 views

CVE-2024-3187

This issue tracks two CWE-416 Use After Free UAF and one CWE-415 Double Free vulnerabilities in Goahead versions = 6.0.0. These are caused by JST values not being nulled when freed during parsing of JST templates. If the MEGOAHEADJAVASCRIPT flag is enabled, a remote attacker with the privileges t...

5.9CVSS7.3AI score0.00478EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:46 a.m.8 views

CVE-2024-3184

Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the MEGOAHEADREPLACEMALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests,...

5.9CVSS7.5AI score0.00465EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.8 views

CVE-2024-3186

CWE-476 NULL Pointer Dereference vulnerability in the evalExpr function of GoAhead Web Server version = 6.0.0 when compiled with the MEGOAHEADJAVASCRIPT flag. This vulnerability allows a remote attacker with the privileges to modify JavaScript template JST files to trigger a crash and cause a...

5.3CVSS6.9AI score0.00435EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:21 p.m.8 views

CVE-2021-41615

websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 or RFC 2617 section 3.2.1. NOTE:...

9.8CVSS7.2AI score0.01089EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 8:25 a.m.8 views

CVE-2019-19240

Embedthis GoAhead before 5.0.1 mishandles redirected HTTP requests with a large Host header. The GoAhead WebsRedirect uses a static host buffer that has a limited length and can overflow. This can cause a copy of the Host header to fail, leaving that buffer uninitialized, which may leak...

5.3CVSS7AI score0.01541EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:16 a.m.11 views

CVE-2019-15311

An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo Bluetooth speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command...

10CVSS8.1AI score0.07625EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:48 a.m.9 views

CVE-2017-14149

GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request...

7.5CVSS6.9AI score0.05794EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:5 a.m.8 views

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

7.5CVSS6.9AI score0.45063EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:26 a.m.10 views

CVE-2017-1000471

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...

9.8CVSS7.1AI score0.08605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:18 a.m.8 views

CVE-2017-1000470

EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service...

7.5CVSS7.2AI score0.07856EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 10:41 p.m.9 views

CVE-2002-2430

GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service CPU consumption by performing a socket disconnect to terminate a request before it has been fully processed by the server...

5CVSS7AI score0.01118EPSS
Exploits0References1
Rows per page
Query Builder