23 matches found
EUVD-2017-0086
Malware in sbrugna...
EUVD-2014-0049
Malware in sbrugna...
EUVD-2014-0069
Malware in sbrugna...
EUVD-2017-0089
Malware in sbrugna...
EUVD-2020-0139
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2015-7315
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.0 through 4.3.6, and 5.0rc1 allows remote attackers to add a new...
VulnCheck KEV: CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...
PYSEC-2020-87
plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level...
PYSEC-2020-90
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT overwrite some content without needing write permission...
PYSEC-2020-88
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
PYSEC-2017-53
Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, 4.2.0 through 4.2.7, 4.3.x before 4.3.7, and 5.0rc1...
PYSEC-2017-54
Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers into HTTP responses...
Plone Incompletely Fixes Cross-Site Scripting Vulnerability
Plone is a free and open source content management system (CMS) from the United States-based Plone Foundation, built on Zope, an open source object-oriented web application server written in Python. Zope ZMI is one of its management interfaces. A cross-site scripting vulnerability exists in the managefindResu...
PYSEC-2017-64
Cross-site scripting (XSS) vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...
PT-2014-2313 · Plone +2
Name of the Vulnerable Software and Affected Versions: Zope versions prior to 2.13.19; Plone versions prior to 4.3 beta 1. Description: The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character in the ZPublisher.HTTPRequest. scrubHeader function. Recommendations...
PYSEC-2014-63
(1) cbdecode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed)...
PYSEC-2014-58
The WYSIWYG component wysiwyg.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message...
Plone and Zope - Remote Command Execution
Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Versions...
PYSEC-2011-27
The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587...
PYSEC-2011-26
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...