Vulnerabilities > Embedthis > Goahead
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-18 | CVE-2018-15504 | NULL Pointer Dereference vulnerability in multiple products An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. | 7.5 |
| 2018-01-03 | CVE-2017-1000471 | NULL Pointer Dereference vulnerability in Embedthis Goahead 4.0.0 EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. | 9.8 |
| 2017-12-12 | CVE-2017-17562 | Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | 8.1 |
| 2017-09-05 | CVE-2017-14149 | NULL Pointer Dereference vulnerability in Embedthis Goahead GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | 7.5 |
| 2017-03-13 | CVE-2017-5675 | Command Injection vulnerability in Embedthis Goahead A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. | 8.8 |
| 2017-03-13 | CVE-2017-5674 | Information Exposure vulnerability in Embedthis Goahead A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. | 9.8 |