AppWeb - Authentication Bypass

The Embedthis HTTP library, and Appweb versions before 7.0.3, have a logic flaw related to the authCondition function in http/httpLib.c. With a forged HTTP request, it is possible to bypass authentication for the form and digest login types. id: CVE-2018-8715 info: name: AppWeb - Authentication...

Embedthis GoAhead <3.6.5 - Remote Code Execution

description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. id: CVE-2017-17562 info: name: Embedthis GoAhead 3.6.5 - Remote Code Execution author: geeknik severity: high description: | description: Embedthis GoAhead before...

CVE-2021-33254

An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function...

CVE-2019-16645

An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages such as goform/login and config/logoffpage.htm create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack...

CVE-2019-12822

In http.c in Embedthis GoAhead before 4.1.1 and 5.x before 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself...

EUVD-2021-19965

Malware in sbrugna...

EUVD-2014-9515

Malware in sbrugna...

EUVD-2018-7381

Malware in sbrugna...

EUVD-2018-7382

Malware in sbrugna...

EUVD-2019-8866

Malware in sbrugna...

EUVD-2019-4403

Malware in sbrugna...

EUVD-2023-59766

Malicious code in bioql PyPI...

CVE-2023-53155

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...

CVE-2023-53155

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...

CVE-2023-53155

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...

EmbedThis GoAhead 跨站脚本漏洞

EmbedThis GoAhead is an embedded web server software from EmbedThis, Inc. A cross-site scripting vulnerability exists in EmbedThis GoAhead version 2.5, which stems from HTML injection of the name parameter...

CVE-2023-53155

goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter...

CVE-2023-53155

CVE-2023-53155 affects EmbedThis GoAhead 2.5. The vulnerability is an HTML injection (XSS) via the name parameter in goform/formTest. Exploitation and public attestations exist (e.g., Exploit-DB); multiple mirrors/alerts reiterate the same flaw. Connected entries corroborate the issue across vend...

CVE-2017-1000471

EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service...

CVE-2017-1000470

EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable to an integer overflow in the HTTP listener resulting in denial of service...