Security Vulnerabilities, CVEs, Published In February 2010 (Bypass)

CVE-2010-0756

Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote attackers to hijack web sessions by setting the jsessionid parameter to (1) index.php/Comment/Main, (2) index.php/Comment/Main/Home_Wiky, or (3) index.php/Edit/Main.
Max CVSS
5.8
EPSS Score
0.35%
Published
2010-02-27
Updated
2017-08-17

CVE-2010-0554

The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and earlier uses the same nonce for all authentication, which allows remote attackers to hijack web sessions or bypass authentication via a replay attack.
Max CVSS
7.5
EPSS Score
0.93%
Published
2010-02-04
Updated
2018-10-10

CVE-2010-0550

admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly enforce HTTP Digest Authentication, which allows remote authenticated users to use HTTP Basic Authentication, bypassing intended server policy.
Max CVSS
4.0
EPSS Score
0.23%
Published
2010-02-04
Updated
2018-10-10
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close