4 matches found
CVE-2013-4197
Plone CVE-2013-4197 affects member_portrait.py in Plone 2.1–4.1, 4.2.x–4.2.5, and 4.3.x–4.3.1. The issue allows remote authenticated users to modify or delete portraits of other users via unspecified vectors due to an access-control weakness. No exploitation details or direct fix are provided in ...
Debian Security Advisory DSA 1032-1 (zope-cmfplone)
The remote host is missing an update to zope-cmfplone announced via advisory DSA 1032-1. It was discovered that the Plone content management system lacks security declarations for three internal classes. This allows manipulation of user portraits by unprivileged users. The old stable distribution...
[SECURITY] [DSA 1032-1] New zope-cmfplone packages fix unprivileged data manipulation
-------------------------------------------------------------------------- Debian Security Advisory DSA 1032-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 12th, 2006 http://www.debian.org/security/faq -...
CVE-2006-1711
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the 1 changeMemberPortrait, 2 deletePersonalPortrait, and 3 testCurrentPassword methods, which allows remote attackers to modify portraits...