Plone

103 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.82%
  • Published 30.09.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

  • EPSS 0.79%
  • Published 30.09.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to...

  • EPSS 0.64%
  • Published 30.09.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.

  • EPSS 0.28%
  • Published 02.05.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.

  • EPSS 0.26%
  • Published 02.05.2014 14:55:05
  • Last modified 12.04.2025 10:46:40

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.

  • EPSS 0.56%
  • Published 11.03.2014 19:37:02
  • Last modified 12.04.2025 10:46:40

traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrie...

  • EPSS 0.5%
  • Published 11.03.2014 19:37:02
  • Last modified 12.04.2025 10:46:40

Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nod...

  • EPSS 0.26%
  • Published 11.03.2014 19:37:02
  • Last modified 12.04.2025 10:46:40

Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspeci...

  • EPSS 0.31%
  • Published 11.03.2014 19:37:02
  • Last modified 12.04.2025 10:46:40

zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated ...

  • EPSS 0.22%
  • Published 11.03.2014 19:37:02
  • Last modified 12.04.2025 10:46:40

sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.