Page 11 of 102 results (0.006 seconds)

CVSS: 8.5EPSS: 0%CPEs: 72EXPL: 0

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. La función sandbox whitelisting (allowmodule.py) en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos privilegios evadir la restricción sandbox de Python y ejecutar código Python arbitrario a través de vectores relacionados con la importación. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/03 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 72EXPL: 0

ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. ftp.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer el contenido de carpetas escondidas a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/19 •

CVSS: 5.0EPSS: 0%CPEs: 49EXPL: 0

kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. kupu_spellcheck.py en Kupu en Plone anterior a 4.0 permite a atacantes remotos causar una denegación de servicio (bloqueo del hilo ZServer) a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/12 • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 0%CPEs: 72EXPL: 0

python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una solicitud de alimentación RSS para una carpeta al cual el usuario no tiene permiso de acceso. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/22 • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0

Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en widget_traversal.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •