CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

SUSE SLES15 / openSUSE 15 Security Update : nodejs22 (SUSE-SU-2025:0284-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:0284-1 advisory. Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics bsc1236251...

Element Synapse 安全漏洞

Element Synapse is an open source Matrix Home Server implementation from Element Open Source. A security vulnerability exists in Element Synapse that stems from the fact that multi-part/form data requests may, under certain configurations, temporarily increase memory consumption beyond expected...

easy.jobs < 2.4.7 - Subscriber+ Arbitrary Settings Update

Description The plugin does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "multipart/form-data; boundary=----WebKitFormBoundaryvEIqF0bdJXlPN58D", , "body":...

Rockwell Automation products using GoAhead Web Server Loop with Unreachable Exit Condition (CVE-2019-5097)

A denial-of-service vulnerability exists in the processing of multi- part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the...

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVE-2019-5096

An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this reques...

Denial of service

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVE-2019-5097

A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated in the fo...

CVE-2019-5097

The CVE-2019-5097 entry documents a denial-of-service in the GoAhead web server’s handling of multipart/form-data. A specially crafted, unauthenticated HTTP request (GET or POST), targeting GoAhead versions v5.0.1, v4.1.1, and v3.6.5, can cause an infinite loop in the process, potentially impacti...

EmbedThis GoAhead web server code execution vulnerability

Summary An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of thi...

EmbedThis GoAhead web server denial-of-service vulnerability

Summary A denial-of-service vulnerability exists in the processing of multi-part/form-data requests in the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to an infinite loop in the process. The request can be unauthenticated i...

CYSTEME Finder <= 1.3 - Unauthenticated LFI and Unauthenticated File Upload

CYSTEME does not properly check SESSION Cookies allowing a remote attacker to upload, view, or delete files from any location on the remote file system. - Retrieve all data in the root wordpress directory. This will return JSON. Exploit:...