7 matches found

Github Security Blog
added 2022/05/17 2:57 a.m., 16 views

Plone vulnerable to privilege escalation in WebDAV

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...

CVSS 7.5, AI score 7.3, EPSS 0.00429
Exploits: 0, References: 5, Affected Software: 1
PyPA
added 2017/02/24 8:59 p.m., 4 views

PYSEC-2017-55

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...

CVSS 7.5, AI score 7.2, EPSS 0.00429
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2017/02/24 8:59 p.m., 11 views

CVE-2016-4041

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...

CVSS 7.5, AI score 7.4, EPSS 0.00429
Exploits: 0, References: 2
Cvelist
added 2017/02/24 8:0 p.m., 18 views

CVE-2016-4041

Plone 4.0 through 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote attackers to gain webdav access via unspecified vectors...

AI score 7.3, EPSS 0.00429
Exploits: 0, References: 2
OpenVAS
added 2008/01/17 12:0 a.m., 17 views

Debian Security Advisory DSA 1032-1 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1032-1. It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users. The old stable distribution...

CVSS 5, AI score 0.4, EPSS 0.11718
Exploits: 0
FreeBSD
added 2006/04/13 12:0 a.m., 22 views

plone -- "member_id" Parameter Portrait Manipulation Vulnerability

Secunia reports: The vulnerability is caused due to missing security declarations in "changeMemberPortrait" and "deletePersonalPortrait". This can be exploited to manipulate or delete another user's portrait via the "memberid" parameter...

CVSS 5, AI score 6.4, EPSS 0.11718
Exploits: 0, References: 3
securityvulns
added 2006/04/12 12:0 a.m., 41 views

[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 1032-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 12th, 2006 http://www.debian.org/security/faq -...

CVSS 5, AI score 0.1, EPSS 0.11718
Exploits: 0