EUVD-2007-4120

Malware in sbrugna...

RHEL 5 : ricci (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ricci: Cluster Configuration System css tool ignores invalid passwords after a successful authentication...

RHEL 6 : ricci (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ricci: Cluster Configuration System css tool ignores invalid passwords after a successful authentication...

Oracle Linux 5 : conga (ELSA-2007-0640)

The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2007-0640 advisory. 0.10.0-6.el5.0.1 - Replaced Redhat copyrighted and trademarked images in the conga-0.10.0 tarball. 0.10.0-6 - Fixed bz253783 - Fixed bz253914 conga doesn't allo...

ricci-transports-corse.fr Cross Site Scripting vulnerability OBB-3110498

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Denial Of Service (DoS)

The Conga is vulnerable to Denial Of Service DoS. A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service...

Access Restriction Bypass

The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone, included as a part of luci, did not...

Information Disclosure

The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone, included as a part of luci, did not...

Oracle: Security Advisory (ELSA-2011-0394)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

luci, ricci security update

CentOS Errata and Security Advisory CESA-2014:1194 Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVS...

Moderate: Red Hat Security Advisory: conga security and bug fix update

Updated conga packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...

RHEL 5 : conga (RHSA-2013:0128)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2013:0128 advisory. - conga: insecure handling of luci web interface sessions CVE-2012-3359 Note that Nessus has not tested for this issue but has instead relied only on...

RHEL 5 : conga (RHSA-2007:0640)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2007:0640 advisory. The Conga package is a web-based administration tool for remote cluster and storage management. A flaw was found in ricci during a code audit. A remo...

CentOS 5 : conga (CESA-2013:0128)

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

luci, ricci security update

CentOS Errata and Security Advisory CESA-2013:0128 Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common...

Low: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Updated conga packages that fix one security issue, multiple bugs, and add two enhancements are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which gives ...

Scientific Linux Security Update : conga on SL5.x i386/x86_64

A flaw was found in ricci during a code audit. A remote attacker who is able to connect to ricci could cause ricci to temporarily refuse additional connections, a denial of service CVE-2007-4136. Fixes in this updated package include : - The nodename is now set for manual fencing. - The node log ...

luci, ricci security update

CentOS Errata and Security Advisory CESA-2011:0394 Updated conga packages that fix one security issue are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...

Moderate: Red Hat Security Advisory: conga security, bug fix, and enhancement update

Packages have been updated to include PowerPC and xenU packages. Updated conga packages that fix a security flaw, several bugs, and add enhancements are now available for Red Hat Cluster Suite. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Th...

ricci is vulnerable to a connect DoS attack

The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to cause a denial of service loss of new connections by repeatedly sending data or attempting connections...