Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
embedthis vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2017-5674
A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an malicious user to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) ...
Embedthis Goahead -
1 Github repository
8.8
CVSSv3
CVE-2017-5675
A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. The mail-sending form in the mail.htm page allows an malicious user to inject a command into the receiver1 field...
Embedthis Goahead -
7.5
CVSSv3
CVE-2019-12822
In http.c in Embedthis GoAhead prior to 4.1.1 and 5.x prior to 5.0.1, a header parsing vulnerability causes a memory assertion, out-of-bounds memory reference, and potential DoS, as demonstrated by a colon on a line by itself.
Embedthis Goahead
7.5
CVSSv3
CVE-2020-15689
Appweb prior to 7.2.2 and 8.x prior to 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. This may result in a NULL pointer dereference and cause a denial of service.
Embedthis Appweb
9.8
CVSSv3
CVE-2021-41615
websda.c in GoAhead WebServer 2.1.8 has insufficient nonce entropy because the nonce calculation relies on the hardcoded onceuponatimeinparadise value, which does not follow the secret-data guideline for HTTP Digest Access Authentication in RFC 7616 section 3.3 (or RFC 2617 secti...
Embedthis Goahead 2.1.8
9.8
CVSSv3
CVE-2017-1000471
EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service.
Embedthis Goahead 4.0.0
8.6
CVSSv3
CVE-2019-16645
An issue exists in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
Embedthis Goahead 2.5.0
1 EDB exploit
7.5
CVSSv3
CVE-2021-33254
An issue exists in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows malicious users to cause a denial of service via the stream paramter to the parseUri function.
Embedthis Appweb 8.2.1
7.5
CVSSv3
CVE-2017-1000470
EmbedThis GoAhead Webserver versions 4.0.0 and previous versions is vulnerable to an integer overflow in the HTTP listener resulting in denial of service.
Embedthis Goahead Web Server 4.0.0
7.5
CVSSv3
CVE-2018-15505
An issue exists in Embedthis GoAhead prior to 4.0.1 and Appweb prior to 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus cause a denial of service, as demonstrated by the lack of a trailing ']...
Embedthis Appweb
Embedthis Goahead
Juniper Junos 15.1
Juniper Junos 16.1
Juniper Junos 12.3
Juniper Junos 15.1x53
Juniper Junos 12.3x48
Juniper Junos 15.1x49
Juniper Junos 16.2
Juniper Junos 17.2
Juniper Junos 17.1
Juniper Junos 17.3
Juniper Junos 17.4
Juniper Junos 18.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2012-1823
malicious code
CVE-2024-5770
CVE-2023-45866
CVE-2024-35687
local users
CVE-2024-31246
CVE-2024-35730
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »