102 matches found
CVE-2013-6496
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the 1 homebase, 2 cluster, 3 storage, 4 portalskins/custom, or 5 logs Luci extension...
CVE-2014-3521
CVE-2014-3521 affects Red Hat Conga 0.12.2 in the luci/homebase and luci/cluster menu. The issue allows remote authenticated users to bypass access restrictions by sending a crafted URL, enabling partial disclosure/ modification concerns (per CVSS 2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N). Exploitation st...
CVE-2014-3521
The component in 1 /luci/homebase and 2 /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL...
CentOS 5 : conga (CESA-2014:1194)
Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
luci, ricci security update
CentOS Errata and Security Advisory CESA-2014:1194 Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVS...
Oracle Linux 5 : conga (ELSA-2014-1194)
The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1194 advisory. 0.12.2-81.0.2.el5 - Replaced redhat logo image in Data.fs 0.12.2-81.0.1.el5 - Added conga-enterprise-Carthage.patch to support OEL5 - Replaced redhat...
conga security and bug fix update
0.12.2-81.0.2.el5 - Replaced redhat logo image in Data.fs 0.12.2-81.0.1.el5 - Added conga-enterprise-Carthage.patch to support OEL5 - Replaced redhat logo image in conga-0.12.2.tar.gz 0.12.2-81 - luci: prevent non-admin user from unauthorized executive access Resolves: rhbz1089310 0.12.2-79 - luc...
conga: Multiple information leak flaws in various luci site extensions
Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure...
Moderate: Red Hat Security Advisory: conga security and bug fix update
Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
PT-2014-5371 · Red Hat · Red Hat Conga +1
Name of the Vulnerable Software and Affected Versions: Red Hat Conga version 0.12.2 Description: The issue allows remote authenticated users to bypass intended access restrictions. This is achieved via a crafted URL in the /luci/homebase and /luci/cluster menu components. Recommendations: For Red...
PT-2014-3142 · Red Hat · Red Hat Conga +2
Name of the Vulnerable Software and Affected Versions: Red Hat Conga version 0.12.2 Description: The issue allows remote attackers to obtain sensitive information via a crafted request to specific Luci extensions, including homebase, cluster, storage, portal skins/custom, or logs. Recommendations...
CVE-2013-7347
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...
CVE-2012-3359
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...
Design/Logic Flaw
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...
Design/Logic Flaw
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...
CVE-2012-3359
CVE-2012-3359 concerns Luci in Red Hat Conga storing the user’s username and password in a Base64-encoded string in the __ac session cookie. This encoding is not secure, and access to the cookie can allow an attacker to gain privileges. The issue is explicitly split from CVE-2013-7347, which cove...
CVE-2013-7347
CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...
CVE-2012-3359
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...
CVE-2013-7347
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...
Oracle Linux 5 : conga (ELSA-2011-0394)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0394 advisory. 0.12.2-24.0.1.el56.1 - Added conga-enterprise.patch - Added conga-enterprise-Carthage.patch to support OEL5 - Recreated Data.fs in lucidb.tar.gz - Replaced redh...