13 matches found
CVE-2013-4414
Cross-site scripting XSS vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to inject arbitrary web script or HTML via the "Max allowance" field in the "Set limit" form...
CVE-2013-4404
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors...
CVE-2013-4461
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests...
Sql injection
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
CVE-2013-4405
Consolidated information shows CVE-2013-4405 affects Red Hat Enterprise MRG Grid 2.4, specifically the cumin web interface. The issue is Cross-Site Request Forgery (CSRF) vulnerabilities that could allow a remote attacker to hijack the authentication of cumin users for unspecified requests. Conne...
CVE-2013-4404
CVE-2013-4404 affects cumin in Red Hat Enterprise MRG Grid 2.4, where user roles are not properly enforced. This allows remote authenticated users to bypass role restrictions and access privileged information or perform privileged operations via unspecified vectors (impact described as partial co...
CVE-2013-4461
CVE-2013-4461 is a SQL injection vulnerability in the cumin web interface of Red Hat Enterprise MRG Grid 2.4. The issue arises from how cumin parses POST request data, allowing a remote attacker (authenticated) to perform SQL injection against cumin’s database. Affected component: cumin in MRG Gr...
CVE-2013-4405
Multiple cross-site request forgery CSRF vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests...
CVE-2013-4404
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors...
CVE-2013-4414
CVE-2013-4414 affects Red Hat Enterprise MRG Grid 2.4, specifically the cumin web interface. The vulnerability arises because input from the Max allowance field in the Set limit form is not properly escaped, allowing remote attackers to inject arbitrary web script or HTML (XSS). The issue is miti...
CVE-2013-4461
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table operator."...
cumin: CSRF protection does not work
Multiple cross-site request forgery CSRF vulnerabilities in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allow remote attackers to hijack the authentication of cumin users for unspecified requests...