MidnightBSD

Advisories for trevor_mckay

CVE-2012-1575 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before r5238 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) widgets or (2) pages.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
trevor_mckay cumin *
CVE-2012-2683 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) "error message displays" or (2) "in source HTML on certain pages."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
trevor_mckay cumin 0.1.5137-1
trevor_mckay cumin 0.1.5192-1
redhat enterprise_mrg 2.0
trevor_mckay cumin 0.1.4916-1
trevor_mckay cumin 0.1.5105-1
trevor_mckay cumin *
trevor_mckay cumin 0.1.5068-1
trevor_mckay cumin 0.1.5137-3
trevor_mckay cumin 0.1.4794-1
trevor_mckay cumin 0.1.5137-2
trevor_mckay cumin 0.1.5033-1
trevor_mckay cumin 0.1.3160-1
trevor_mckay cumin 0.1.4494-1
trevor_mckay cumin 0.1.5092-1
trevor_mckay cumin 0.1.5037-1
trevor_mckay cumin 0.1.5054-1
trevor_mckay cumin 0.1.4410-2
trevor_mckay cumin 0.1.5137-5
trevor_mckay cumin 0.1.5098-2
trevor_mckay cumin 0.1.4369-1
trevor_mckay cumin 0.1.5137-4
CVE-2012-2734 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allow remote attackers to hijack the authentication of arbitrary users for requests that execute commands via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
trevor_mckay cumin 0.1.5137-1
trevor_mckay cumin 0.1.5192-1
redhat enterprise_mrg 2.0
trevor_mckay cumin 0.1.4916-1
trevor_mckay cumin 0.1.5105-1
trevor_mckay cumin *
trevor_mckay cumin 0.1.5068-1
trevor_mckay cumin 0.1.5137-3
trevor_mckay cumin 0.1.4794-1
trevor_mckay cumin 0.1.5137-2
trevor_mckay cumin 0.1.5033-1
trevor_mckay cumin 0.1.3160-1
trevor_mckay cumin 0.1.4494-1
trevor_mckay cumin 0.1.5092-1
trevor_mckay cumin 0.1.5037-1
trevor_mckay cumin 0.1.5054-1
trevor_mckay cumin 0.1.4410-2
trevor_mckay cumin 0.1.5137-5
trevor_mckay cumin 0.1.5098-2
trevor_mckay cumin 0.1.4369-1
trevor_mckay cumin 0.1.5137-4
CVE-2012-2735 MEDIUM

Session fixation vulnerability in Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, allows remote attackers to hijack web sessions via a crafted session cookie.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
trevor_mckay cumin 0.1.5137-1
trevor_mckay cumin 0.1.5192-1
redhat enterprise_mrg 2.0
trevor_mckay cumin 0.1.4916-1
trevor_mckay cumin 0.1.5105-1
trevor_mckay cumin *
trevor_mckay cumin 0.1.5068-1
trevor_mckay cumin 0.1.5137-3
trevor_mckay cumin 0.1.4794-1
trevor_mckay cumin 0.1.5137-2
trevor_mckay cumin 0.1.5033-1
trevor_mckay cumin 0.1.3160-1
trevor_mckay cumin 0.1.4494-1
trevor_mckay cumin 0.1.5092-1
trevor_mckay cumin 0.1.5037-1
trevor_mckay cumin 0.1.5054-1
trevor_mckay cumin 0.1.4410-2
trevor_mckay cumin 0.1.5137-5
trevor_mckay cumin 0.1.5098-2
trevor_mckay cumin 0.1.4369-1
trevor_mckay cumin 0.1.5137-4