Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
conga conga vulnerabilities and exploits
(subscribe to this query)
3.7
CVSSv2
CVE-2012-3359
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows malicious users to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7...
Redhat Conga
Redhat Enterprise Linux 5
3.7
CVSSv2
CVE-2013-7347
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow malicious users to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-enc...
Redhat Enterprise Linux 5
Redhat Conga
4.3
CVSSv2
CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a crafted URL.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 2.1.1
Plone Plone 3.3.4
Plone Plone 2.0.3
Plone Plone 1.0.4
Plone Plone 3.3.2
Plone Plone 2.0
7.5
CVSSv2
CVE-2011-0720
Unspecified vulnerability in Plone 2.5 up to and including 4.0, as used in Conga, luci, and possibly other products, allows remote malicious users to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Plone Plone 3.0.2
Plone Plone 3.0.1
Plone Plone 3.1.1
Plone Plone 3.1.6
Plone Plone 3.3.1
Plone Plone 3.0.4
Plone Plone 2.5.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 3.1.3
Plone Plone 3.2
Plone Plone 3.1.5.1
Plone Plone 3.3.3
Plone Plone 3.0
Plone Plone 2.5
Plone Plone 4.0
Plone Plone 3.0.3
Plone Plone 2.5.4
Plone Plone 3.0.5
Plone Plone 3.1
Plone Plone 3.2.2
Plone Plone 3.3
6.4
CVSSv2
CVE-2010-3852
The default configuration of Luci 0.22.4 and previous versions in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote malicious users to bypass repoze.who authentication via a forged ticket cookie.
Redhat Luci
4.3
CVSSv2
CVE-2010-1104
Cross-site scripting (XSS) vulnerability in Zope 2.8.x prior to 2.8.12, 2.9.x prior to 2.9.12, 2.10.x prior to 2.10.11, 2.11.x prior to 2.11.6, and 2.12.x prior to 2.12.3 allows remote malicious users to inject arbitrary web script or HTML via vectors related to error messages.
Zope Zope 2.8.0-final
Zope Zope 2.8.1
Zope Zope 2.8.1-b1
Zope Zope 2.8.6
Zope Zope 2.8.0-b1
Zope Zope 2.8.0-b2
Zope Zope 2.8.4
Zope Zope 2.8.5
Zope Zope 2.9.0
Zope Zope 2.9.0-b1
Zope Zope 2.9.5
Zope Zope 2.9.6
Zope Zope 2.10.2-b1
Zope Zope 2.10.0-final
Zope Zope 2.10.4-final
Zope Zope 2.10.3
Zope Zope 2.11.2
Zope Zope 2.11.3
Zope Zope 2.11.0a1
Zope Zope 2.12.2
Zope Zope 2.8
Zope Zope 2.8.0
4
CVSSv2
CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and previous versions, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
Zope Zope 2.10.3-final
Zope Zope 2.10.2-final
Zope Zope 2.10.5
Zope Zope 2.9.0-final
Zope Zope 2.9.6
Zope Zope 2.9.5
Zope Zope 2.8.0-final
Zope Zope 2.8.0-b2
Zope Zope 2.8.7
Zope Zope 2.8.6
Zope Zope 2.7.6-final
Zope Zope 2.7.6-b2
Zope Zope 2.7.4-c1
Zope Zope 2.7.4-b2
Zope Zope 2.7.1-b2
Zope Zope 2.7.1-b1
Zope Zope 2.7.0-b1
Zope Zope 2.7.0-a1
Zope Zope 2.6.2.b4
Zope Zope 2.6.2.b3
Zope Zope 2.6.4
Zope Zope 2.6.3
1 EDB exploit
5
CVSSv2
CVE-2007-4136
The ricci daemon in Red Hat Conga 0.10.0 allows remote malicious users to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
Redhat Conga 0.10.0
4.3
CVSSv2
CVE-2007-1462
The luci server component in conga preserves the password between page loads for the Add System/Cluster task flow by storing the password in the Value attribute of a password entry field, which allows malicious users to steal the password by performing a "view source" o...
Conga Conga
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4671
unauthorized
CVE-2024-4776
CVE-2024-3407
CVE-2024-26026
CVE-2024-32888
wireless
CVE-2024-4656
template injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started