Lucene search
K

102 matches found

RedHat Linux
RedHat Linux
added 2011/03/28 5:32 p.m.35 views

Important: Red Hat Security Advisory: conga security update

Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

7.5CVSS5.8AI score0.03171EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2011/03/28 5:28 p.m.28 views

Important: Red Hat Security Advisory: conga security update

Updated conga packages that fix one security issue are now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

7.5CVSS5.8AI score0.03171EPSS
Exploits0References2
Oracle linux
Oracle linux
added 2011/03/28 12:0 a.m.27 views

conga security update

0.12.2-24.0.1.el56.1 - Added conga-enterprise.patch - Added conga-enterprise-Carthage.patch to support OEL5 - Recreated Data.fs in lucidb.tar.gz - Replaced redhat logo image in conga-0.12.2.tar.gz 0.12.2-24.1 - Fix bz680515 CVE-2011-0720 plone: unauthorized remote administrative access...

7.5CVSS2.7AI score0.03171EPSS
Exploits0
CVE
CVE
added 2011/02/03 4:0 p.m.123 views

CVE-2011-0720

CVE-2011-0720 affects Plone 2.5–4.0 as used in Conga and luci. The vulnerability enables a remote attacker to obtain administrative access, read or create arbitrary content, and change the site skin via unspecified vectors due to improper access controls in the Conga/luci web components. Public a...

7.5CVSS6.4AI score0.03171EPSS
Exploits0References10Affected Software3
NVD
NVD
added 2010/11/06 12:0 a.m.10 views

CVE-2010-3852

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...

6.4CVSS6.6AI score0.02002EPSS
Exploits0References12
Prion
Prion
added 2010/11/06 12:0 a.m.10 views

Default configuration

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...

6.4CVSS6.9AI score0.02002EPSS
Exploits0References12Affected Software1
CVE
CVE
added 2010/11/05 10:0 p.m.64 views

CVE-2010-3852

CVE-2010-3852 affects Luci ( Luci 0.22.4 and earlier ) used in Red Hat Conga. The root cause is a weak default cookie secret key, rendered as [INSERT SECRET HERE], which enables remote attackers to forge a cookie and bypass repoze.who authentication. The vulnerability impact is partial confidenti...

6.4CVSS6.7AI score0.02002EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2010/11/05 10:0 p.m.35 views

CVE-2010-3852

The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...

6.5AI score0.02002EPSS
Exploits0References12
CVE
CVE
added 2008/11/17 6:0 p.m.51 views

CVE-2008-5102

CVE-2008-5102 concerns Zope 2.x up to version 2.11.2, where PythonScripts can be abused by remote authenticated users to cause a denial of service through certain raise or import statements. The OpenVAS entries refer to a Zope 2.11.2 DoS vulnerability and note a vendor fix as the remediation. The...

4CVSS6.3AI score0.03956EPSS
Exploits0References8Affected Software1
RedHat Linux
RedHat Linux
added 2007/11/21 9:51 p.m.24 views

Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...

5CVSS5.8AI score0.01745EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2007/11/21 9:51 p.m.5 views

ricci is vulnerable to a connect DoS attack

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...

5CVSS5.9AI score0.01745EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2007/11/19 12:0 a.m.25 views

conga security, bug fix, and enhancement update

0.10.0-6.el5.0.1 - Replaced Redhat copyrighted and trademarked images in the conga-0.10.0 tarball. 0.10.0-6 - Fixed bz253783 - Fixed bz253914 conga doesn't allow you to reuse nfs export and nfs client resources - Fixed bz254038 Impossible to set many valid quorum disk configurations via conga -...

5CVSS6.3AI score0.01745EPSS
Exploits0
NVD
NVD
added 2007/11/14 12:46 a.m.28 views

CVE-2007-4136

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...

5CVSS6.5AI score0.01745EPSS
Exploits0References7
Prion
Prion
added 2007/11/14 12:46 a.m.18 views

Code injection

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...

5CVSS6.8AI score0.01745EPSS
Exploits0References7Affected Software1
CVE
CVE
added 2007/11/14 12:0 a.m.65 views

CVE-2007-4136

CVE-2007-4136 : A denial-of-service flaw in the ricci daemon of Red Hat Conga 0.10.0 allows remote attackers to temporarily refuse new connections by repeatedly sending data or attempting connections. The issue is documented in multiple sources (RHSA-2007:0640, RHSA advisories, and Oracle/Linux u...

5CVSS6.4AI score0.01745EPSS
Exploits0References7Affected Software1
RedHat Linux
RedHat Linux
added 2007/11/07 9:0 a.m.9 views

ricci is vulnerable to a connect DoS attack

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...

5CVSS5.9AI score0.01745EPSS
Exploits0References4
Prion
Prion
added 2007/03/15 8:19 p.m.24 views

Design/Logic Flaw

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...

4.3CVSS6.8AI score0.00865EPSS
Exploits0References2
NVD
NVD
added 2007/03/15 8:19 p.m.24 views

CVE-2007-1462

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...

4.3CVSS6.5AI score0.00865EPSS
Exploits0References2
CVE
CVE
added 2007/03/15 8:0 p.m.60 views

CVE-2007-1462

The CVE-2007-1462 issue affects the luci server component in Conga, where a password is stored in the Value attribute of a password field between page loads. This enables a password disclosure through page source viewing or similar operations; impact is partial confidentiality loss as noted, with...

4.3CVSS6.5AI score0.00865EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2007/03/15 8:0 p.m.29 views

CVE-2007-1462

The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...

6.5AI score0.00865EPSS
Exploits0References2
Rows per page
Query Builder