102 matches found
Important: Red Hat Security Advisory: conga security update
Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Important: Red Hat Security Advisory: conga security update
Updated conga packages that fix one security issue are now available for Red Hat Cluster Suite 4. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...
conga security update
0.12.2-24.0.1.el56.1 - Added conga-enterprise.patch - Added conga-enterprise-Carthage.patch to support OEL5 - Recreated Data.fs in lucidb.tar.gz - Replaced redhat logo image in conga-0.12.2.tar.gz 0.12.2-24.1 - Fix bz680515 CVE-2011-0720 plone: unauthorized remote administrative access...
CVE-2011-0720
CVE-2011-0720 affects Plone 2.5–4.0 as used in Conga and luci. The vulnerability enables a remote attacker to obtain administrative access, read or create arbitrary content, and change the site skin via unspecified vectors due to improper access controls in the Conga/luci web components. Public a...
CVE-2010-3852
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...
Default configuration
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...
CVE-2010-3852
CVE-2010-3852 affects Luci ( Luci 0.22.4 and earlier ) used in Red Hat Conga. The root cause is a weak default cookie secret key, rendered as [INSERT SECRET HERE], which enables remote attackers to forge a cookie and bypass repoze.who authentication. The vulnerability impact is partial confidenti...
CVE-2010-3852
The default configuration of Luci 0.22.4 and earlier in Red Hat Conga uses "INSERT SECRET HERE" as its secret key for cookies, which makes it easier for remote attackers to bypass repoze.who authentication via a forged ticket cookie...
CVE-2008-5102
CVE-2008-5102 concerns Zope 2.x up to version 2.11.2, where PythonScripts can be abused by remote authenticated users to cause a denial of service through certain raise or import statements. The OpenVAS entries refer to a Zope 2.11.2 DoS vulnerability and note a vendor fix as the remediation. The...
Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update
Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...
ricci is vulnerable to a connect DoS attack
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...
conga security, bug fix, and enhancement update
0.10.0-6.el5.0.1 - Replaced Redhat copyrighted and trademarked images in the conga-0.10.0 tarball. 0.10.0-6 - Fixed bz253783 - Fixed bz253914 conga doesn't allow you to reuse nfs export and nfs client resources - Fixed bz254038 Impossible to set many valid quorum disk configurations via conga -...
CVE-2007-4136
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...
Code injection
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...
CVE-2007-4136
CVE-2007-4136 : A denial-of-service flaw in the ricci daemon of Red Hat Conga 0.10.0 allows remote attackers to temporarily refuse new connections by repeatedly sending data or attempting connections. The issue is documented in multiple sources (RHSA-2007:0640, RHSA advisories, and Oracle/Linux u...
ricci is vulnerable to a connect DoS attack
The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...
Design/Logic Flaw
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...
CVE-2007-1462
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...
CVE-2007-1462
The CVE-2007-1462 issue affects the luci server component in Conga, where a password is stored in the Value attribute of a password field between page loads. This enables a password disclosure through page source viewing or similar operations; impact is partial confidentiality loss as noted, with...
CVE-2007-1462
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows attackers to steal the password by performing a "view source" or other operation to obtain the w...