3 matches found
CVE-2011-0720
CVE-2011-0720 affects Plone 2.5–4.0 as used in Conga and luci. The vulnerability enables a remote attacker to obtain administrative access, read or create arbitrary content, and change the site skin via unspecified vectors due to improper access controls in the Conga/luci web components. Public a...
CVE-2012-3359
CVE-2012-3359 concerns Luci in Red Hat Conga storing the user’s username and password in a Base64-encoded string in the __ac session cookie. This encoding is not secure, and access to the cookie can allow an attacker to gain privileges. The issue is explicitly split from CVE-2013-7347, which cove...
CVE-2013-7347
CVE-2013-7347 affects Luci in Red Hat Conga, where user session timeout is not properly enforced. This could allow an attacker to gain access to an active session by reading the __ac session cookie. The issue is split from CVE-2012-3359, which covers base64-encoded storage of user credentials in ...