
24 matches found

Github Security Blog
added 2022/05/17 4:41 a.m., 17 views

Plone Filesystem path information leak

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope...

CVSS: 5, AI score: 6.4, EPSS: 0.00455
Exploits: 0, References: 8, Affected Software: 2

Veracode
added 2020/01/23 4:1 a.m., 19 views

Weak Password Requirements

Products.CMFPlone uses weak password requirements. The vulnerability exists as password strength checks were not always checked...

CVSS: 7.5, AI score: 2.3, EPSS: 0.0034
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2018/07/23 7:50 p.m., 23 views

GHSA-P7H9-VF92-5FJ5 Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool

Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL...

CVSS: 6.1, AI score: 5.8, EPSS: 0.00529
Exploits: 0, References: 8

Veracode
added 2018/01/04 2:59 a.m., 18 views

Redirect Attacks

Products.CMFPlone is vulnerable to redirect attacks. Attackers can set a URL to contain the data: prefix and redirect users to a malicious website...

CVSS: 6.1, AI score: 6.1, EPSS: 0.00197
Exploits: 0, References: 3, Affected Software: 1

NVD
added 2014/05/02 2:55 p.m., 7 views

CVE-2013-7060

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope...

CVSS: 5, AI score: 6.2, EPSS: 0.00455
Exploits: 0, References: 3

NVD
added 2014/05/02 2:55 p.m., 13 views

CVE-2013-7061

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API...

CVSS: 5.5, AI score: 6.3, EPSS: 0.00259
Exploits: 0, References: 3

Prion
added 2014/05/02 2:55 p.m., 15 views

Design/Logic Flaw

Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope...

CVSS: 5, AI score: 7.1, EPSS: 0.00455
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2014/05/02 2:0 p.m., 13 views

CVE-2013-7061

Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API...

AI score: 6.3, EPSS: 0.00259
Exploits: 0, References: 3

OpenVAS
added 2008/01/17 12:0 a.m., 21 views

Debian Security Advisory DSA 1405-2 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1405-2. OpenVAS Vulnerability Test $Id: deb14052.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1405-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS: 7.5, AI score: 1.1, EPSS: 0.0361
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 18 views

Debian Security Advisory DSA 1405-1 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1405-1. OpenVAS Vulnerability Test $Id: deb14051.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1405-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS: 7.5, AI score: 0.8, EPSS: 0.0361
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 24 views

Debian Security Advisory DSA 1405-3 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1405-3. OpenVAS Vulnerability Test $Id: deb14053.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1405-3 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

CVSS: 7.5, AI score: 1.1, EPSS: 0.0361
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 16 views

Debian Security Advisory DSA 1032-1 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1032-1. It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users. The old stable distribution...

CVSS: 5, AI score: 0.4, EPSS: 0.11718
Exploits: 0

OpenVAS
added 2008/01/17 12:0 a.m., 13 views

Debian: Security Advisory (DSA-1405-2)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 7.5, AI score: 6.7, EPSS: 0.0361
Exploits: 0, References: 3

OpenVAS
added 2008/01/17 12:0 a.m., 9 views

Debian Security Advisory DSA 1405-2 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1405-2. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVSS: 7.5, AI score: 6.4, EPSS: 0.0361
Exploits: 0, References: 1

OpenVAS
added 2008/01/17 12:0 a.m., 9 views

Debian Security Advisory DSA 1405-1 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1405-1. This VT has been deprecated and merged into the VT SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVSS: 7.5, AI score: 6.4, EPSS: 0.0361
Exploits: 0, References: 1

OpenVAS
added 2008/01/17 12:0 a.m., 14 views

Debian: Security Advisory (DSA-1032-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 5, AI score: 6.7, EPSS: 0.11718
Exploits: 0, References: 3

Debian
added 2007/12/27 9:21 p.m., 24 views

[SECURITY] [DSA 1405-3] New zope-cmfplone packages fix regression

-------------------------------------------------------------------------- Debian Security Advisory DSA 1405-3 [email protected] http://www.debian.org/security/ Thijs Kinkhorst December 1st, 2007 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0361
Exploits: 0

Tenable Nessus
added 2007/11/12 12:0 a.m., 15 views

Debian DSA-1405-3 : zope-cmfplone - missing input sanitising

It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies. The oldstable distribution sarge is not affected by this problem. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text a...

CVSS: 7.5, AI score: 6, EPSS: 0.0361
Exploits: 0, References: 3

Debian
added 2007/11/11 4:43 p.m., 23 views

[SECURITY] [DSA 1405-2] New zope-cmfplone packages fix regression

-------------------------------------------------------------------------- Debian Security Advisory DSA 1405-2 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 11th, 2007 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 7, EPSS: 0.0361
Exploits: 0

Debian
added 2007/11/09 10:38 p.m., 19 views

[SECURITY] [DSA 1405-1] New zope-cmfplone packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1405-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst November 9th, 2007 http://www.debian.org/security/faq -...

CVSS: 7.5, AI score: 7.1, EPSS: 0.0361
Exploits: 0