Geo\+\+ Gncaster
by Geopp
CVEs (5)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2010-0553 | 0.04 | — | 0.17 | Feb 4, 2010 | Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence. | ||
| CVE-2010-0552 | 0.04 | — | 0.09 | Feb 4, 2010 | Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI. | ||
| CVE-2010-0554 | 0.00 | — | 0.00 | Feb 4, 2010 | The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack. | ||
| CVE-2010-0551 | 0.00 | — | 0.00 | Feb 4, 2010 | HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure." | ||
| CVE-2010-0550 | 0.00 | — | 0.00 | Feb 4, 2010 | admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy. |
- CVE-2010-0553Feb 4, 2010risk 0.04cvss —epss 0.17
Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence.
- CVE-2010-0552Feb 4, 2010risk 0.04cvss —epss 0.09
Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.
- CVE-2010-0554Feb 4, 2010risk 0.00cvss —epss 0.00
The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
- CVE-2010-0551Feb 4, 2010risk 0.00cvss —epss 0.00
HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure."
- CVE-2010-0550Feb 4, 2010risk 0.00cvss —epss 0.00
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.