6 matches found
CVE-2011-0720
CVE-2011-0720 affects Plone 2.5–4.0 as used in Conga and luci. The vulnerability enables a remote attacker to obtain administrative access, read or create arbitrary content, and change the site skin via unspecified vectors due to improper access controls in the Conga/luci web components. Public a...
CVE-2012-3359
CVE-2012-3359 concerns Luci in Red Hat Conga storing the user’s username and password in a Base64-encoded string in the __ac session cookie. This encoding is not secure, and access to the cookie can allow an attacker to gain privileges. The issue is explicitly split from CVE-2013-7347, which cove...
CVE-2013-7347
CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...
CVE-2007-4136
CVE-2007-4136 : A denial-of-service flaw in the ricci daemon of Red Hat Conga 0.10.0 allows remote attackers to temporarily refuse new connections by repeatedly sending data or attempting connections. The issue is documented in multiple sources (RHSA-2007:0640, RHSA advisories, and Oracle/Linux u...
CVE-2013-6496
CVE-2013-6496 affects Red Hat Conga 0.12.2, enabling a remote attacker to cause information disclosure by issuing a crafted request to the Luci extension endpoints: (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs. The linked sources corroborate this as the vulnerabili...
CVE-2014-3521
CVE-2014-3521 affects Red Hat Conga 0.12.2 in the luci/homebase and luci/cluster menu. The issue allows remote authenticated users to bypass access restrictions by sending a crafted URL, enabling partial disclosure/ modification concerns (per CVSS 2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N). Exploitation st...