Vulmon
redhat conga vulnerabilities and exploits
NA
CVE-2007-4136
The ricci daemon in Red Hat Conga 0.10.0 allows remote malicious users to cause a denial of service (loss of new connections) by repeatedly sending data or attempting connections.
Redhat Conga 0.10.0
NA
CVE-2012-3359
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows malicious users to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7...
Redhat Conga
Redhat Enterprise Linux 5
NA
CVE-2013-7347
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow malicious users to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-enc...
Redhat Enterprise Linux 5
Redhat Conga
NA
CVE-2010-3852
The default configuration of Luci 0.22.4 and previous versions in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote malicious users to bypass repoze.who authentication via a forged ticket cookie.
Redhat Luci
NA
CVE-2011-0720
Unspecified vulnerability in Plone 2.5 up to and including 4.0, as used in Conga, luci, and possibly other products, allows remote malicious users to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Plone Plone 3.0.2
Plone Plone 3.0.1
Plone Plone 3.1.1
Plone Plone 3.1.6
Plone Plone 3.3.1
Plone Plone 3.0.4
Plone Plone 2.5.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 3.1.3
Plone Plone 3.2
Plone Plone 3.1.5.1
Plone Plone 3.3.3
Plone Plone 3.0
Plone Plone 2.5
Plone Plone 4.0
Plone Plone 3.0.3
Plone Plone 2.5.4
Plone Plone 3.0.5
Plone Plone 3.1
Plone Plone 3.2.2
Plone Plone 3.3