RSS   Podatności dla 'Geo++ gncaster'   RSS

2010-02-04
 
CVE-2010-0554

CWE-287
 

 
The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.

 
 
CVE-2010-0553

CWE-119
 

 
Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence.

 
 
CVE-2010-0552

CWE-20
 

 
Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.

 
 
CVE-2010-0551

CWE-200
 

 
HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure."

 
 
CVE-2010-0550

CWE-287
 

 
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.

 


Copyright 2024, cxsecurity.com

 

Back to Top