160 matches found
CVE-2012-3459
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
CVE-2012-2685
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...
CVE-2012-2735
CVE-2012-2735 is a session-fixation vulnerability in Cumin before 0.1.5444, used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0. An authenticated attacker can pre-set a victim’s Cumin session cookie in the browser, enabling the attacker to hijack the user’s web session after login....
CVE-2012-2684
CVE-2012-2684 affects Cumin (the MRG web console) used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0. The vulnerability is a SQL injection in the get_sample_filters_by_signature function, exploitable remotely via the (1) agent or (2) object id, as described in the CVE entry. Root ...
CVE-2012-2684
Multiple SQL injection vulnerabilities in the getsamplefiltersbysignature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to execute arbitrary SQL commands via the 1 agent or 2 object id...
CVE-2012-2735
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote attackers to hijack web sessions via a crafted session cookie...
CVE-2012-2683
Multiple cross-site scripting XSS vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 "error message displays" or 2 "in source HTML on...
PT-2012-4224 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: A session fixation issue allows remote attackers to hijack web sessions via a crafted session cookie. Recommendations: For Cumin...
PT-2012-4223 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: The issue allows remote attackers to hijack the authentication of arbitrary users for requests that execute commands...
PT-2012-4179 · Red Hat · Cumin +1
Name of the Vulnerable Software and Affected Versions: Cumin versions prior to 0.1.5444 Red Hat Enterprise Messaging, Realtime, and Grid MRG version 2.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to error message displays ...
cumin: authentication bypass flaws
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, does not properly restrict access to resources, which allows remote attackers to obtain sensitive information via unspecified vectors related to 1 "web pages," 2 "export functionality," and 3 "image viewin...
cumin: allows for editing internal Condor job attributes
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to modify Condor attributes and possibly gain privileges via crafted additional parameters in an HTTP POST request, which triggers a job attribute change request to Condor...
cumin: CSRF flaw
Multiple cross-site request forgery CSRF vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors...
cumin: multiple XSS flaws
Multiple cross-site scripting XSS vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to 1 "error message displays" or 2 "in source HTML on...
Moderate: Red Hat Security Advisory: Red Hat Enterprise MRG Grid 2.2 security update
Updated Grid component packages that fix several security issues, add various enhancements and fix multiple bugs are now available for Red Hat Enterprise MRG 2 for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common...
cumin: DoS via large image requests
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...
cumin: SQL injection flaw
Multiple SQL injection vulnerabilities in the getsamplefiltersbysignature function in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allow remote attackers to execute arbitrary SQL commands via the 1 agent or 2 object id...
cumin: weak session keys
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...
cumin: session fixation flaw
Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote attackers to hijack web sessions via a crafted session cookie...
cumin: DoS via large image requests
Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, allows remote authenticated users to cause a denial of service memory consumption via a large size in an image request...