[CLOSE] OSVDB ID : 28925 - Disclosed: 2006-09-16

Description:

(Description Provided by CVE) : SQL injection vulnerability in mods.php in GNUTurk 2G and earlier allows remote attackers to execute arbitrary SQL commands via the t_id parameter when the go parameter is "Forum."

[CLOSE] OSVDB ID : 57413 - Disclosed: 2009-08-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 57415 - Disclosed: 2009-08-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 57414 - Disclosed: 2009-08-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 20464 - Disclosed: 2005-11-02

Description:

A remote overflow exists in GO-Global. The server and clients fail to validate the _USERSA_ fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 58383 - Disclosed: 2009-09-10

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.

[CLOSE] OSVDB ID : 57860 - Disclosed: 2009-09-04

Description:

(Description Provided by CVE) : Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

[CLOSE] OSVDB ID : 2513 - Disclosed: 2003-09-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6664 - Disclosed: 2001-04-17

Description:

GoAhead WebServer on Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker requests the /aux directory (and likely other MS-DOS reserved names) which will result in a loss of availability for the web server.

[CLOSE] OSVDB ID : 76845 - Disclosed: 2011-10-10

Description:

GoAhead Webserver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'group' parameter upon submission to the addgroup.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 76846 - Disclosed: 2011-10-10

Description:

GoAhead Webserver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'url' parameter upon submission to the addlimit.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 76847 - Disclosed: 2011-10-10

Description:

GoAhead Webserver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'User ID' or 'group' parameters upon submission to the adduser.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 13295 - Disclosed: 2002-12-17

Description:

GoAhead WebServer contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when prefixing an ASP filename with specific characters (/), (\), (%20) or (%00), which will disclose the source file code resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 56440 - Disclosed: 2004-01-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6662 - Disclosed: 2002-07-10

Description:

GoAhead WebServer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input variables upon submission to the error handling script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 56425 - Disclosed: 2001-12-05

Description:

(Description Provided by CVE) : The security handler in GoAhead WebServer before 2.1.1 allows remote attackers to bypass authentication and obtain access to protected web content via "an extra slash in a URL," a different vulnerability than CVE-2002-1603.

[CLOSE] OSVDB ID : 56439 - Disclosed: 2002-07-10

Description:

(Description Provided by CVE) : Directory traversal vulnerability in GoAhead Web Server 2.1 allows remote attackers to read arbitrary files via a URL with an encoded / (%5C) in a .. (dot dot) sequence. NOTE: it is highly likely that this candidate will be REJECTED because it has been reported to be a duplicate of CVE-2001-0228.

[CLOSE] OSVDB ID : 3694 - Disclosed: 2001-02-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request.

[CLOSE] OSVDB ID : 77198 - Disclosed: 2011-11-18

Description:

GoAhead WebServer contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' and 'address' parameters upon submission to the goform/formTest script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 43168 - Disclosed: 2007-12-18

Description:

(Description Provided by CVE) : goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka rooter) VDSL device contains a password in the typepassword field, which allows remote attackers to obtain this password by reading the HTML source, a different vulnerability than CVE-2002-1603.

[CLOSE] OSVDB ID : 59786 - Disclosed: 2002-08-14

Description:

(Description Provided by CVE) : Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories.

[CLOSE] OSVDB ID : 3617 - Disclosed: 2003-09-23

Description:

GoAhead WebServer contains a flaw that may allow a remote denial of service. The issue is triggered when sending a HTTP POST request with a malformed Content-Length header, which causes the application to crash resulting in a loss of availability.

[CLOSE] OSVDB ID : 56424 - Disclosed: 2003-03-19

Description:

(Description Provided by CVE) : GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote attackers to cause a denial of service (daemon crash) via an HTTP request with a (1) con, (2) nul, (3) clock$, or (4) config$ device name in a path component, different vectors than CVE-2001-0385.

[CLOSE] OSVDB ID : 78079 - Disclosed: 2009-06-17

Description:

(Description Provided by CVE) : GoAhead WebServer allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

[CLOSE] OSVDB ID : 56426 - Disclosed: 2001-12-05

Description:

(Description Provided by CVE) : GoAhead WebServer before 2.1.1 allows remote attackers to cause a denial of service (CPU consumption) by performing a socket disconnect to terminate a request before it has been fully processed by the server.

[CLOSE] OSVDB ID : 56428 - Disclosed: 2002-10-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows remote attackers to cause "incorrect behavior" via unknown "malicious code," related to incorrect use of the socketInputBuffered function by sockGen.c.

[CLOSE] OSVDB ID : 56427 - Disclosed: 2002-10-17

Description:

(Description Provided by CVE) : webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an HTTP POST request that contains a Content-Length header but no body data.

[CLOSE] OSVDB ID : 56429 - Disclosed: 2003-03-25

Description:

(Description Provided by CVE) : GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function.

[CLOSE] OSVDB ID : 50825 - Disclosed: 2008-12-18

Description:

(Description Provided by CVE) : admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "ok".

[CLOSE] OSVDB ID : 36872 - Disclosed: 2007-04-12

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built on Helma, allows remote attackers to inject arbitrary web script or HTML via the q parameter to the search function.