Vulnerabilities > Embedthis > Goahead
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-03 | CVE-2017-1000471 | NULL Pointer Dereference vulnerability in Embedthis Goahead 4.0.0 EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL pointer dereference in the CGI handler resulting in memory corruption or denial of service. | 7.5 |
| 2017-12-12 | CVE-2017-17562 | Improper Input Validation vulnerability in Embedthis Goahead Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | 6.8 |
| 2017-09-05 | CVE-2017-14149 | NULL Pointer Dereference vulnerability in Embedthis Goahead GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the websDecodeUrl function in http.c, leading to a crash for a "POST / HTTP/1.1" request. | 5.0 |
| 2017-03-13 | CVE-2017-5675 | Command Injection vulnerability in Embedthis Goahead A command-injection vulnerability exists in a web application on a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models. | 9.0 |
| 2017-03-13 | CVE-2017-5674 | Information Exposure vulnerability in Embedthis Goahead A vulnerability in a custom-built GoAhead web server used on Foscam, Vstarcam, and multiple white-label IP camera models allows an attacker to craft a malformed HTTP ("GET system.ini HTTP/1.1\n\n" - note the lack of "/" in the path field of the request) request that will disclose the configuration file with the login password. | 5.0 |
| 2015-03-31 | CVE-2014-9707 | Code vulnerability in Embedthis Goahead EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . | 7.5 |