Plone and Zope cmd Parameter Remote Command Execution (CVE-2011-3587)

A remote code execution vulnerability has been reported in Zope and Plone. The vulnerability is due to failing to properly validate user-supplied input. A remote attacker can exploit this vulnerability by execute arbitrary shell commands...

Plone and Zope Remote Command Execution PoC

BUGTRAQ ID: 49857 CVE ID: CVE-2011-3587 Zope是一个开源的web应用服务器，主要用python写成 Zope在实现上存在远程命令执行漏洞，非法攻击者可利用此漏洞部署特制的Web请求并以Zope/Plone服务权限执行任意命令 0 Zope 2.13.9 Zope 2.13.8 Zope 2.13 Zope 2.12.19 Zope 2.12 Plone 4.x 厂商补丁： Zope ---- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.zope.org/ Exploit Title: Plone -...

Plone Zope SAXutils Command Execution

Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...

Plone Zope SAXutils Command Execution

Added: 01/13/2012 CVE: CVE-2011-3587 BID: 49857 OSVDB: 76105 Background Plone is a free and open source content management system built on top of the Zope application server. Plone can be used for any kind of website, including blogs, internet sites, webshops and internal websites. Problem Plone...

Plone and Zope XMLTools Remote Command Execution

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules. This module requires Metasploit:...

Plone / Zope Remote Command Execution

Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Versions...

Plone and Zope - Remote Command Execution

Plone and Zope - Remote Command Execution Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zo...

Plone and Zope - Remote Command Execution

Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Versions...

CVE-2011-3587

creationtimestamp| type| source ---|---|--- 2011-12-21 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/18262 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/plonepopen2.rb 2020-10-15 15:07:04+00:00| seen|...

Immunity Canvas: PLONE

Name| plone ---|--- CVE| CVE-2011-3587 Exploit Pack| CANVAS Description| Plone Zope Remote Command Execution Notes| CVE Name: CVE-2011-3587 Notes: Vulnerable versions include: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Repeatability: Infinite CVE Url:...

DSquare Exploit Pack: D2SEC_ZOPEPLONE

Name| d2seczopeplone ---|--- CVE| CVE-2011-3587 Exploit Pack| D2ExploitPack Description| Zope/Plone Remote Code Execution Vulnerability Notes|...

CVE-2011-3587

CVE-2011-3587 affects Zope 2.12.x and 2.13.x, as used by Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2. The underlying issue is an unspecified vulnerability in the p_ class in OFS/misc_.py and the use of Python modules that allows a remote attacker to execute arbitrary commands. Affected ...