Lucene search
K

4 matches found

CVE
CVE
added 2014/03/11 3:0 p.m.52 views

CVE-2013-4197

Plone CVE-2013-4197 affects member_portrait.py in Plone 2.1–4.1, 4.2.x–4.2.5, and 4.3.x–4.3.1. The issue allows remote authenticated users to modify or delete portraits of other users via unspecified vectors due to an access-control weakness. No exploitation details or direct fix are provided in ...

5.5CVSS6.3AI score0.01255EPSS
Exploits0References4Affected Software1
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.18 views

Debian Security Advisory DSA 1032-1 (zope-cmfplone)

The remote host is missing an update to zope-cmfplone announced via advisory DSA 1032-1. It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users. The old stable distribution...

5CVSS0.4AI score0.03891EPSS
Exploits0
Debian
Debian
added 2006/04/12 12:48 p.m.20 views

[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation

-------------------------------------------------------------------------- Debian Security Advisory DSA 1032-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 12th, 2006 http://www.debian.org/security/faq -...

5CVSS6.2AI score0.03891EPSS
Exploits0
NVD
NVD
added 2006/04/11 6:6 p.m.22 views

CVE-2006-1711

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the 1 changeMemberPortrait, 2 deletePersonalPortrait, and 3 testCurrentPassword methods, which allows remote attackers to modify portraits...

5CVSS6.4AI score0.03891EPSS
Exploits0References8
Rows per page
Query Builder