8 matches found
PYSEC-2026-764 High severity vulnerability that affects Plone and Zope2
Unspecified vulnerability in 1 Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and 2 PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...
EUVD-2014-0051
Malware in sbrugna...
CVE-2024-22889
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...
CVE-2024-22889
Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...
Plone Security Vulnerability
Plone is an open source content management system CMS built on the Zope application server. A security vulnerability exists in Plone version 5.2.13 that stems from allowing remote code execution via incorrect validation of HOST header input...
PYSEC-2020-246
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role...
PYSEC-2018-73
By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an attacker could send you to his own website. On its own this is not so bad: the attacker could more easily link directly to his own website instead. But in combination with another attack, you could be sent to the Plone login fo...
PT-2014-2324 · Plone Foundation +1 · Plone +1
Name of the Vulnerable Software and Affected Versions: Plone versions prior to 4.2.3 Plone versions 4.3 prior to beta 1 Description: The issue allows remote attackers to enumerate user account names via a crafted URL. This is related to the membership tool.py script. Recommendations: For Plone...