CVE-2002-2430

GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service CPU consumption by performing a socket disconnect to terminate a request before it has been fully processed by the server...

CVE-2002-2429

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service daemon crash via an HTTP POST request that contains a negative integer in the Content-Length header...

CVE-2003-1569

GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service daemon crash via an HTTP request with a 1 con, 2 nul, 3 clock$, or 4 config$ device name in a path component, different vectors than CVE-2001-0385...

CVE-2003-1569

CVE-2003-1569 affects GoAhead WebServer prior to 2.1.5 on Windows 95/98/ME. A remote attacker can crash the daemon by sending an HTTP request that includes a path component with a device name (con, nul, clock$, or config$), producing a denial of service. This differs from CVE-2001-0385 in vector ...

CVE-2003-1568

GoAhead WebServer (pre-2.1.6) is affected by a denial of service via a NULL pointer dereference in websSafeUrl triggered by an invalid URL, causing daemon crash. This vulnerability is documented across multiple sources (including NVD/RH-CVE) with the same root cause. Remediation guidance points t...

CVE-2002-2431

GoAhead WebServer before 2.1.4 is affected by a vulnerability in sockGen.c caused by incorrect use of socketInputBuffered, allowing remote attackers to trigger incorrect behavior via malicious code. The issue is documented across multiple feeds (NVD/Red Hat/CVE records) and is addressed in the Go...

CVE-2002-2430

CVE-2002-2430 affects GoAhead WebServer prior to version 2.1.1. The vulnerability is a denial of service caused by remote-triggered socket disconnects that terminate a request before it has been fully processed, leading to increased CPU usage. The available documents identify the affected product...

CVE-2002-2429

The vulnerability affects GoAhead WebServer, specifically the webs.c component, in versions before 2.1.4. A remote attacker can crash the daemon by sending an HTTP POST with a negative integer in the Content-Length header, leading to a denial of service. The issue is documented across multiple so...

CVE-2002-2428

CVE-2002-2428 affects the GoAhead WebServer (webs.c) prior to version 2.1.4. A remote attacker can trigger a NULL pointer dereference and daemon crash by sending an HTTP POST with a Content-Length header but no body data, resulting in a denial of service. Affected product: GoAhead WebServer; vuln...

CVE-2002-2427

CVE-2002-2427 affects GoAhead WebServer prior to 2.1.1, where the security handler could be bypassed to access protected web content via an extra slash in the URL. The issue is documented as a separate vulnerability from CVE-2002-1603. Public records in NVD indicate a base score of 5.0 (Medium) w...

CVE-2002-2431

Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c...

GoAhead WebServer information disclosure and authentication bypass vulnerabilities

Overview GoAhead WebServer contains vulnerabilities that may allow an attacker to view source files containing sensitive information or bypass authentication. The information disclosure vulnerability was previously published as VU975041. Description GoAhead WebServer contains vulnerabilities...

NaviCopa webserver 3.0.1 (BOF/SD) Multiple Remote Vulnerabilities

No description provided by source. NaviCopa webserver 3.0.1 Multiple Vulnerabilities By: e.wiZz! Bosnian Idiot FTW! Mail: [email protected] Greetz goes to GYEZyou know who you are lol In the wild... Vendor site: http://www.navicopa.com/ Platforms: Windows OS only Info: Award Winning NaviCOPA is...

NaviCopa 3.0.1 Disclosure / Overflow

NaviCopa webserver 3.0.1 Multiple Vulnerabilities By: e.wiZz! Bosnian Idiot FTW! Mail: [email protected] Greetz goes to GYEZyou know who you are lol In the wild... Vendor site: http://www.navicopa.com/ Platforms: Windows OS only Info: Award Winning NaviCOPA is ideal for business users who require...

NaviCopa webserver 3.0.1 (BOF/SD) Multiple Remote Vulnerabilities

Exploit for unknown platform in category remote exploits ================================================================= NaviCopa webserver 3.0.1 BOF/SD Multiple Remote Vulnerabilities ================================================================= NaviCopa webserver 3.0.1 Multiple...

PerlSoft Guestbook v1.7b Bruteforcer + RCE!

Typ: Bruter & RCE Name: PerlSoft GB Pwner Affected Software: PerlSoft Gastebuch Version: 1.7b Coder/Bugfounder: Perforin ------ the RCE is only once possible, do not waste your command! STEP1: Use my script to bruteforce the admin login from the guestbook. STEP2: If we gain access, you can decide...

OpenX 2.6.2 - MAX_type Local File Inclusion

OpenX 2.6.2 - MAXtype Local File Inclusion source: https://www.securityfocus.com/bid/33458/info OpenX is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the...

OpenX 2.6.2 - 'MAX_type' Local File Inclusion

source: https://www.securityfocus.com/bid/33458/info OpenX is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to view files and execute local scripts in the context of the webserver process. This may...

MKPortal 1.2.1 - modulesblogindex.php Home Template Textarea SQL Injection

MKPortal 1.2.1 - modulesblogindex.php Home Template Textarea SQL Injection source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and...

MKPortal 1.2.1 - modulesrsshandler_image.php?i Cross-Site Scripting

MKPortal 1.2.1 - modulesrsshandlerimage.php?i Cross-Site Scripting source: https://www.securityfocus.com/bid/33300/info MKPortal is prone to multiple security vulnerabilities, including SQL-injection, HTML-injection, cross-site scripting, arbitrary-file-upload, and insecure-temporary-file-creatio...