12 matches found
EUVD-2011-0019
Malware in sbrugna...
CVE-2013-4191
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive...
Plone and Zope - Remote Command Execution
Plone and Zope - Remote Command Execution Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zo...
Design/Logic Flaw
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...
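Zope Unspecified Security Bypass Vulnerability
Bugtraq ID: 48498 Zope is an open-source web application server. Zope contains an unspecified error that allows attackers to bypass security restrictions and gain unauthorized access to the application server. No detailed vulnerability information is currently available. Zope Zope 2.12.3 Zope Zope 2.13 Zope Zope 2.12 Plone Plone 3.3.5 Plone Plone 3.3.4 Plone Plone 3.3.3 Plone Plone 3.3.2 Plone Plone 3.3.1 Plone Plone 3.2.3 Plone Plone 3.2.2 Plone Plone 3.1.6 Plone Plone 3.0...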
CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the safehtml filter in Products.PortalTransforms in Plone 2.1 through 4.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2010-2422...
Design/Logic Flaw
plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...
CVE-2011-1948
CVE-2011-1948 is a documented cross-site scripting (XSS) vulnerability affecting Plone 4.1 and earlier, where a crafted URL could cause remote attackers to inject arbitrary web script or HTML. Several connected sources corroborate XSS in Plone-related components (e.g., GHSA-P7H9-VF92-5FJ5 and re...
CVE-2011-1949
CVE-2011-1949 is a Plone XSS issue in the PortalTransforms safe_html filter (Plone 2.1–4.1). The vulnerability allows remote authenticated users to inject arbitrary script or HTML via unspecified vectors, caused by the safe_html transform path. This is described as a different vulnerability from ...
CVE-2011-1948
Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted URL...