Security Vulnerabilities, CVEs, Published In February 2010 (Bypass)
Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
Max CVSS: 5.8 | EPSS Score: 0.35% | Published: 2010-02-27 | Updated: 2017-08-17
The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
Max CVSS: 7.5 | EPSS Score: 0.93% | Published: 2010-02-04 | Updated: 2018-10-10
admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.
Max CVSS: 4.0 | EPSS Score: 0.23% | Published: 2010-02-04 | Updated: 2018-10-10
3 vulnerabilities found