A security vulnerability affecting GoAhead versions 2 to 5 has been identified when using Digest authentication over HTTP. The HTTP Digest Authentication in the GoAhead web server does not completely protect against replay attacks. This allows an unauthenticated remote attacker to bypass authentication via capture-replay if TLS is not used to protect the underlying communication channel. Digest authentication uses a "nonce" value to mitigate replay attacks. GoAhead versions 3 to 5 validated the nonce with a fixed duration of 5 minutes which permitted short-period replays. This duration is too long for most implementations.
ZTE Mobile Hotspot MS910S version DL_MF910S_CN_EUV1.00.01 suffers from a hard-coded administrative password, BusyBox vulnerabilities, and a known backdoor in the GoAhead webserver.
GoAhead version 2.5.0 suffers from a host header injection vulnerability.
This Metasploit module triggers an arbitrary shared library load vulnerability in GoAhead web server versions between 2.5 and that have the CGI module enabled.
GoAhead http versions 2.5 through 3.6.5 LD_PRELOAD remote code execution exploit.
GoAhead web server versions 3.0.0 through 3.4.1 suffer from heap overflow and directory traversal vulnerabilities.
GoAhead Web Server versions prior to 3.1.3 suffer from a denial of service vulnerability.
Embedthis GoAhead webserver version 3.1.3-0 suffers from multiple denial of service vulnerabilities.
GoAhead Webserver version 2.5 suffers from a cross site scripting vulnerability.
Secunia Security Advisory - Multiple vulnerabilities have been discovered in GoAhead WebServer, which can be exploited by malicious people to conduct script insertion attacks.
Secunia Security Advisory - Two vulnerabilities have been discovered in GoAhead Webserver, which can be exploited by malicious people to conduct cross-site scripting attacks.
ATutor version 2.0.2 suffers from cross site scripting, path disclosure, and remote SQL injection vulnerabilities.
ATutor AChecker version 1.2 suffers from cross site scripting and path disclosure vulnerabilities.
ATutor AChecker version 1.2 suffers from multiple remote SQL injection vulnerabilities.
ATutor AContent version 1.1 suffers from a script insertion vulnerability.
ATutor AContent version 1.1 suffers from multiple cross site scripting vulnerabilities. This also affects version 1.3 as of 2014/01/05.
ATutor AContent version 1.1 suffers from multiple remote SQL injection vulnerabilities.
Digital Scribe version 1.5 suffers from multiple POST cross site scripting vulnerabilities. Input passed through the POST parameters 'title', 'last' and 'email' in register.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
Online Grades version 3.2.5 suffers from multiple cross site scripting vulnerabilities. The issue is triggered when input passed via multiple parameters to the 'admin/admin.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
PG eLMS Pro version DEC_2007_01 suffers from multiple remote blind SQL injection vulnerabilities.
PG eLMS Pro version DEC_2007_01 suffers from multiple POST cross site scripting vulnerabilities in contact_us.php.
TCExam versions 11.2.011 and below suffer from multiple remote SQL injection vulnerabilities.
TCExam versions 11.2.011 and below suffer from multiple pre and post auth cross site scripting vulnerabilities when parsing user input passed to multiple parameters via the GET and POST methods in multiple scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session.
Tugux CMS version 1.2 remote arbitrary file deletion vulnerability.
ESTsoft ALPlayer version 2.0 suffers from a buffer overflow vulnerability. It is caused by a boundary error in the processing of a playlist file, which can be exploited to cause a stack-based buffer overflow when a user opens e.g. a specially crafted .asx file. Successful exploitation may allow execution of arbitrary code.
Valve Steam Client Application version 1.0.968.628 suffers from an elevation of privilege vulnerability that can be used by a simple user who can replace the executable file with a binary of choice.