Lucene search
K

102 matches found

Cvelist
Cvelist
added 2014/10/06 2:0 p.m.23 views

CVE-2013-6496

Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the 1 homebase, 2 cluster, 3 storage, 4 portalskins/custom, or 5 logs Luci extension...

5.9AI score0.01779EPSS
Exploits0References2
CVE
CVE
added 2014/10/06 2:0 p.m.58 views

CVE-2014-3521

CVE-2014-3521 affects Red Hat Conga 0.12.2 in the luci/homebase and luci/cluster menu. The issue allows remote authenticated users to bypass access restrictions by sending a crafted URL, enabling partial disclosure/ modification concerns (per CVSS 2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N). Exploitation st...

5.5CVSS6AI score0.01428EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/10/06 2:0 p.m.18 views

CVE-2014-3521

The component in 1 /luci/homebase and 2 /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL...

5.9AI score0.01428EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2014/10/01 12:0 a.m.27 views

CentOS 5 : conga (CESA-2014:1194)

Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

6.8CVSS5.4AI score0.02641EPSS
Exploits0References10
Cent OS
Cent OS
added 2014/09/30 11:21 a.m.85 views

luci, ricci security update

CentOS Errata and Security Advisory CESA-2014:1194 Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVS...

6.8CVSS5.8AI score0.02641EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2014/09/18 12:0 a.m.38 views

Oracle Linux 5 : conga (ELSA-2014-1194)

The remote Oracle Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1194 advisory. 0.12.2-81.0.2.el5 - Replaced redhat logo image in Data.fs 0.12.2-81.0.1.el5 - Added conga-enterprise-Carthage.patch to support OEL5 - Replaced redhat...

6.8CVSS5.6AI score0.02641EPSS
Exploits0References10
Oracle linux
Oracle linux
added 2014/09/17 12:0 a.m.32 views

conga security and bug fix update

0.12.2-81.0.2.el5 - Replaced redhat logo image in Data.fs 0.12.2-81.0.1.el5 - Added conga-enterprise-Carthage.patch to support OEL5 - Replaced redhat logo image in conga-0.12.2.tar.gz 0.12.2-81 - luci: prevent non-admin user from unauthorized executive access Resolves: rhbz1089310 0.12.2-79 - luc...

6.8CVSS5.9AI score0.02641EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2014/09/16 5:28 a.m.3 views

conga: Multiple information leak flaws in various luci site extensions

Multiple information leak flaws were found in the way conga processed luci site extension-related URL requests. A remote, unauthenticated attacker could issue a specially crafted HTTP request that, when processed, would result in unauthorized information disclosure...

5CVSS5.6AI score0.01779EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2014/09/16 5:28 a.m.32 views

Moderate: Red Hat Security Advisory: conga security and bug fix update

Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

6.8CVSS5.8AI score0.02641EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2014/09/16 12:0 a.m.2 views

PT-2014-5371 · Red Hat · Red Hat Conga +1

Name of the Vulnerable Software and Affected Versions: Red Hat Conga version 0.12.2 Description: The issue allows remote authenticated users to bypass intended access restrictions. This is achieved via a crafted URL in the /luci/homebase and /luci/cluster menu components. Recommendations: For Red...

6.8CVSS5.8AI score0.02641EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2014/09/16 12:0 a.m.3 views

PT-2014-3142 · Red Hat · Red Hat Conga +2

Name of the Vulnerable Software and Affected Versions: Red Hat Conga version 0.12.2 Description: The issue allows remote attackers to obtain sensitive information via a crafted request to specific Luci extensions, including homebase, cluster, storage, portal skins/custom, or logs. Recommendations...

6.8CVSS6AI score0.02641EPSS
Exploits0References13
NVD
NVD
added 2014/03/31 2:58 p.m.18 views

CVE-2013-7347

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

3.7CVSS6.8AI score0.0034EPSS
Exploits0References2
NVD
NVD
added 2014/03/31 2:58 p.m.13 views

CVE-2012-3359

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...

3.7CVSS6.7AI score0.0034EPSS
Exploits0References2
Prion
Prion
added 2014/03/31 2:58 p.m.16 views

Design/Logic Flaw

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

3.7CVSS7AI score0.0034EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2014/03/31 2:58 p.m.15 views

Design/Logic Flaw

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...

3.7CVSS7AI score0.0034EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2014/03/30 12:0 a.m.74 views

CVE-2012-3359

CVE-2012-3359 concerns Luci in Red Hat Conga storing the user’s username and password in a Base64-encoded string in the __ac session cookie. This encoding is not secure, and access to the cookie can allow an attacker to gain privileges. The issue is explicitly split from CVE-2013-7347, which cove...

3.7CVSS6.8AI score0.0034EPSS
Exploits0References2Affected Software2
CVE
CVE
added 2014/03/30 12:0 a.m.66 views

CVE-2013-7347

CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...

3.7CVSS6.8AI score0.0034EPSS
Exploits0References2Affected Software2
Cvelist
Cvelist
added 2014/03/30 12:0 a.m.36 views

CVE-2012-3359

Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the ac session cookie, which allows attackers to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7347 for the incorrect...

6.6AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2014/03/30 12:0 a.m.26 views

CVE-2013-7347

Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-encoded storage of the user...

6.6AI score0.0034EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2013/07/12 12:0 a.m.23 views

Oracle Linux 5 : conga (ELSA-2011-0394)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2011-0394 advisory. 0.12.2-24.0.1.el56.1 - Added conga-enterprise.patch - Added conga-enterprise-Carthage.patch to support OEL5 - Recreated Data.fs in lucidb.tar.gz - Replaced redh...

7.5CVSS5.5AI score0.03171EPSS
Exploits0References2
Rows per page
Query Builder