35 matches found
EUVD-2007-4120
Malware in sbrugna...
EUVD-2010-3831
Malware in sbrugna...
EUVD-2012-3336
Malware in sbrugna...
EUVD-2013-7119
Malware in sbrugna...
EUVD-2013-6299
Malware in sbrugna...
EUVD-2014-3520
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2013-6496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom...
Linux Distros Unpatched Vulnerability : CVE-2013-7347
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session...
Linux Distros Unpatched Vulnerability : CVE-2012-3359
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by...
Linux Distros Unpatched Vulnerability : CVE-2010-3852
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses INSERT SECRET HERE as its secret key for cookies, which makes it easier for remote...
Privilege Escalation
Luci in Red Hat Conga is vulnerable to privilege escalation. Storing usernames and passwords in ac session cookies leads to an incorrect session inactivity timeout and allows access to the user credentials via the cookie...
CVE-2014-3521
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL...
CVE-2013-6496
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension...
Design/Logic Flaw
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL...
Information disclosure
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension...
CVE-2014-3521
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL...
CVE-2013-6496
CVE-2013-6496 affects Red Hat Conga 0.12.2, enabling a remote attacker to cause information disclosure by issuing a crafted request to the Luci extension endpoints: (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs. The linked sources corroborate this as the vulnerabili...
CVE-2014-3521
CVE-2014-3521 affects Red Hat Conga 0.12.2 in the luci/homebase and luci/cluster menu. The issue allows remote authenticated users to bypass access restrictions by sending a crafted URL, enabling partial disclosure/modification concerns (per CVSS 2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N). Exploitation st...
PT-2014-5371 · Red Hat · Red Hat Conga +1
Name of the Vulnerable Software and Affected Versions: Red Hat Conga version 0.12.2 Description: The issue allows remote authenticated users to bypass intended access restrictions. This is achieved via a crafted URL in the /luci/homebase and /luci/cluster menu components. Recommendations: For Red...
PT-2014-3142 · Red Hat · Red Hat Conga +2
Name of the Vulnerable Software and Affected Versions: Red Hat Conga version 0.12.2 Description: The issue allows remote attackers to obtain sensitive information via a crafted request to specific Luci extensions, including homebase, cluster, storage, portal skins/custom, or logs. Recommendations...