Vulnerabilities (CVE)

Filtered by vendor Geopp Subscribe
Total 5 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2010-0550 1 Geopp 1 Geo\+\+ Gncaster 2024-02-04 4.0 MEDIUM N/A
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.
CVE-2010-0554 1 Geopp 1 Geo\+\+ Gncaster 2024-02-04 7.5 HIGH N/A
The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
CVE-2010-0551 1 Geopp 1 Geo\+\+ Gncaster 2024-02-04 5.0 MEDIUM N/A
HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory disclosure."
CVE-2010-0552 1 Geopp 1 Geo\+\+ Gncaster 2024-02-04 7.5 HIGH N/A
Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.
CVE-2010-0553 1 Geopp 1 Geo\+\+ Gncaster 2024-02-04 6.5 MEDIUM N/A
Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence.