Search Results | AttackerKB

Show filters

Topics 11 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

11 Total Results

Displaying 1-10 of 11

Attacker Value

Unknown

CVE-2011-4273

Disclosure Date: November 03, 2011 (last updated October 04, 2023)

Multiple cross-site scripting (XSS) vulnerabilities in GoAhead Webserver 2.18 allow remote attackers to inject arbitrary web script or HTML via (1) the group parameter to goform/AddGroup, related to addgroup.asp; (2) the url parameter to goform/AddAccessLimit, related to addlimit.asp; or the (3) user (aka User ID) or (4) group parameter to goform/AddUser, related to adduser.asp.

0

Attacker Value

Unknown

CVE-2002-2428

Disclosure Date: February 06, 2009 (last updated October 04, 2023)

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.

0

Attacker Value

Unknown

CVE-2003-1568

Disclosure Date: February 06, 2009 (last updated October 04, 2023)

GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.

0

Attacker Value

Unknown

CVE-2003-1569

Disclosure Date: February 06, 2009 (last updated October 04, 2023)

GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.

0

Attacker Value

Unknown

CVE-2002-2429

Disclosure Date: February 06, 2009 (last updated October 04, 2023)

webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (daemon crash) via an HTTP POST request that contains a negative integer in the Content-Length header.

0

Attacker Value

Unknown

CVE-2002-2431

Disclosure Date: February 06, 2009 (last updated October 04, 2023)

Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.

0

Attacker Value

Unknown

CVE-2002-1951

Disclosure Date: December 31, 2002 (last updated February 22, 2025)

Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.

0

Attacker Value

Unknown

CVE-2002-0681

Disclosure Date: July 23, 2002 (last updated February 22, 2025)

Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows remote attackers to execute script as other web users via script in a URL that generates a "404 not found" message, which does not quote the script.

0

Attacker Value

Unknown

CVE-2002-1603

Disclosure Date: February 13, 2002 (last updated February 22, 2025)

GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain the source code of ASP files via a URL terminated with a /, \, %2f (encoded /), %20 (encoded space), or %00 (encoded null) character, which returns the ASP source code unparsed.

0

Attacker Value

Unknown

CVE-2001-0385

Disclosure Date: July 02, 2001 (last updated February 22, 2025)

GoAhead webserver 2.1 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

0