Debian Security Advisory DSA 1405-1 for zope-cmfplone. Plone allows remote attackers to execute arbitrary code via specially crafted web browser cookies. Upgrade the zope-cmfplone package.
Title | Published | Views | Family |
---|---|---|---|
Debian Security Advisory DSA 1405-2 (zope-cmfplone) | 17 Jan 2008 00:00 | – | openvas |
FreeBSD Ports: plone | 4 Sep 2008 00:00 | – | openvas |
Debian Security Advisory DSA 1405-1 (zope-cmfplone) | 17 Jan 2008 00:00 | – | openvas |
Debian Security Advisory DSA 1405-3 (zope-cmfplone) | 17 Jan 2008 00:00 | – | openvas |
FreeBSD Ports: plone | 4 Sep 2008 00:00 | – | openvas |
Debian: Security Advisory (DSA-1405-2) | 17 Jan 2008 00:00 | – | openvas |
Debian Security Advisory DSA 1405-2 (zope-cmfplone) | 17 Jan 2008 00:00 | – | openvas |
PYSEC-2007-4 | 7 Nov 2007 21:46 | – | osv |
GHSA-HF26-VVMX-X8C8 Plone Arbitrary Code Execution via Unsafe Handling of Pickles | 1 May 2022 18:36 | – | osv |
DSA-1405-1 zope-cmfplone - arbitrary code | 9 Nov 2007 00:00 | – | osv |

Source | Link |
---|---|
secure1 | www.secure1.securityspace.com/smysecure/catid.html |

```
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.58737");
  script_version("2025-01-17T05:37:18+0000");
  script_tag(name:"last_modification", value:"2025-01-17 05:37:18 +0000 (Fri, 17 Jan 2025)");
  script_tag(name:"creation_date", value:"2008-01-17 23:23:47 +0100 (Thu, 17 Jan 2008)");
  script_cve_id("CVE-2007-5741");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_name("Debian Security Advisory DSA 1405-1 (zope-cmfplone)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("Debian Local Security Checks");
  script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201405-1");
  script_tag(name:"insight", value:"It was discovered that Plone, a web content management system, allows
remote attackers to execute arbitrary code via specially crafted web
browser cookies.
The oldstable distribution (sarge) is not affected by this problem.
For the stable distribution (etch) this problem has been fixed in
version 2.5.1-4etch1.
For the unstable distribution (sid) this problem will be fixed soon.");
  script_tag(name:"solution", value:"We recommend that you upgrade your zope-cmfplone package.");
  script_tag(name:"summary", value:"The remote host is missing an update to zope-cmfplone announced via advisory DSA 1405-1.
This VT has been deprecated and merged into the VT 'Debian: Security Advisory (DSA-1405)' (OID: 1.3.6.1.4.1.25623.1.0.58739).");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"deprecated", value:TRUE);
  exit(0);
}

exit(66);
```