Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
redhat luci vulnerabilities and exploits
(subscribe to this query)
570
VMScore
CVE-2010-3852
The default configuration of Luci 0.22.4 and previous versions in Red Hat Conga uses "[INSERT SECRET HERE]" as its secret key for cookies, which makes it easier for remote malicious users to bypass repoze.who authentication via a forged ticket cookie.
Redhat Luci
552
VMScore
CVE-2013-4482
Untrusted search path vulnerability in python-paste-script (aka paster) in Luci 0.26.0, when started using the initscript, allows local users to gain privileges via a Trojan horse .egg-info file in the (1) current working directory or (2) its parent directories.
Redhat Enterprise Linux 6.0
Scientificlinux Luci 0.26.0
169
VMScore
CVE-2013-4481
Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with world-readable permissions before restricting the permissions, which allows local users to read the file and obtain sensitive information such as "authentication secrets."
Scientificlinux Luci 0.26.0
Redhat Enterprise Linux 6.0
329
VMScore
CVE-2012-3359
Luci in Red Hat Conga stores the user's username and password in a Base64 encoded string in the __ac session cookie, which allows malicious users to gain privileges by accessing this cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2013-7...
Redhat Conga
Redhat Enterprise Linux 5
329
VMScore
CVE-2013-7347
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow malicious users to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLIT due to different vulnerability types. Use CVE-2012-3359 for the base64-enc...
Redhat Enterprise Linux 5
Redhat Conga
668
VMScore
CVE-2011-0720
Unspecified vulnerability in Plone 2.5 up to and including 4.0, as used in Conga, luci, and possibly other products, allows remote malicious users to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors.
Plone Plone 3.0.2
Plone Plone 3.0.1
Plone Plone 3.1.1
Plone Plone 3.1.6
Plone Plone 3.3.1
Plone Plone 3.0.4
Plone Plone 2.5.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 3.1.3
Plone Plone 3.2
Plone Plone 3.1.5.1
Plone Plone 3.3.3
Plone Plone 3.0
Plone Plone 2.5
Plone Plone 4.0
Plone Plone 3.0.3
Plone Plone 2.5.4
Plone Plone 3.0.5
Plone Plone 3.1
Plone Plone 3.2.2
Plone Plone 3.3
NA
CVE-2023-48795
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH prior to 9.6 and other products, allows remote malicious users to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may conseque...
Openbsd Openssh
Putty Putty
Filezilla-project Filezilla Client
Microsoft Powershell
Panic Transmit 5
Panic Nova
Roumenpetrov Pkixssh
Winscp Winscp
Bitvise Ssh Client
Bitvise Ssh Server
Lancom-systems Lcos
Lancom-systems Lcos Fx -
Lancom-systems Lcos Lx -
Lancom-systems Lcos Sx 5.20
Lancom-systems Lcos Sx 4.20
Lancom-systems Lanconfig -
Vandyke Securecrt
Libssh Libssh
Net-ssh Net-ssh 7.2.0
Ssh2 Project Ssh2
Proftpd Proftpd
Freebsd Freebsd
8 Github repositories
1 Article
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started