Geopp Geo + + Gncaster vulnerabilities
5 known vulnerabilities affecting geopp/geo_+_+_gncaster.
Total CVEs
5
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2010-0552P3HIGHCVSS 7.5PoC≤ 1.4.0.7v1.4.0.02010-02-04
CVE-2010-0552 [HIGH] CWE-20 CVE-2010-0552: Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application
Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via multiple requests for a non-existent file using a long URI.
nvd
CVE-2010-0553P4MEDIUMCVSS 6.5PoC≤ 1.4.0.7v1.4.0.02010-02-04
CVE-2010-0553 [MEDIUM] CWE-119 CVE-2010-0553: Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (a
Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long NMEA data sentence.
nvd
CVE-2010-0554P3HIGHCVSS 7.5≤ 1.4.0.7v1.4.0.02010-02-04
CVE-2010-0554 [HIGH] CWE-287 CVE-2010-0554: The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for
The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
nvd
CVE-2010-0551P4MEDIUMCVSS 5.0≤ 1.4.0.7v1.4.0.02010-02-04
CVE-2010-0551 [MEDIUM] CWE-200 CVE-2010-0551: HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to
HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to read authentication headers of other users via a large request with an incorrect authentication attempt, which includes sensitive memory in the response. NOTE: this is referred to as a "memory leak" by some sources, but is better characterized as "memory
nvd
CVE-2010-0550P4MEDIUMCVSS 4.0≤ 1.4.0.7v1.4.0.02010-02-04
CVE-2010-0550 [MEDIUM] CWE-287 CVE-2010-0550: admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.
nvd