Lucene search
K
RedhatConga

6 matches found

CVE
CVE
added 2011/02/03 4:0 p.m.123 views

CVE-2011-0720

CVE-2011-0720 affects Plone 2.5–4.0 as used in Conga and luci. The vulnerability enables a remote attacker to obtain administrative access, read or create arbitrary content, and change the site skin via unspecified vectors due to improper access controls in the Conga/luci web components. Public a...

7.5CVSS6.4AI score0.03171EPSS
CVE
CVE
added 2014/03/30 12:0 a.m.74 views

CVE-2012-3359

CVE-2012-3359 concerns Luci in Red Hat Conga storing the user’s username and password in a Base64-encoded string in the __ac session cookie. This encoding is not secure, and access to the cookie can allow an attacker to gain privileges. The issue is explicitly split from CVE-2013-7347, which cove...

3.7CVSS6.8AI score0.0034EPSS
CVE
CVE
added 2014/03/30 12:0 a.m.66 views

CVE-2013-7347

CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...

3.7CVSS6.8AI score0.0034EPSS
CVE
CVE
added 2007/11/14 12:0 a.m.64 views

CVE-2007-4136

CVE-2007-4136 : A denial-of-service flaw in the ricci daemon of Red Hat Conga 0.10.0 allows remote attackers to temporarily refuse new connections by repeatedly sending data or attempting connections. The issue is documented in multiple sources (RHSA-2007:0640, RHSA advisories, and Oracle/Linux u...

5CVSS6.4AI score0.01745EPSS
CVE
CVE
added 2014/10/06 2:0 p.m.59 views

CVE-2013-6496

CVE-2013-6496 affects Red Hat Conga 0.12.2, enabling a remote attacker to cause information disclosure by issuing a crafted request to the Luci extension endpoints: (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs. The linked sources corroborate this as the vulnerabili...

5CVSS6AI score0.01779EPSS
CVE
CVE
added 2014/10/06 2:0 p.m.57 views

CVE-2014-3521

CVE-2014-3521 affects Red Hat Conga 0.12.2 in the luci/homebase and luci/cluster menu. The issue allows remote authenticated users to bypass access restrictions by sending a crafted URL, enabling partial disclosure/ modification concerns (per CVSS 2.0: AV:N/AC:L/Au:S/C:P/I:P/A:N). Exploitation st...

5.5CVSS6AI score0.01428EPSS