CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4247
https://notcve.org/view.php?id=CVE-2006-4247
29 Sep 2006 — Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." Vulnerabilidad no especificada en el Password Reset Tool anterior a 0.4.1 sobre Plone 2.5 y 2.5.1 Release Candidate, permite a un atacante remoto reiniciar las contraseñas de otros usuarios, relacionado con "una declaración erronea de seguridad". • http://plone.org/about/security/advisories/cve-2006-4247 •
CVSS: 7.5EPSS: 14%CPEs: 3EXPL: 1CVE-2006-1711 – Plone 2.x - MembershipTool Access Control Bypass
https://notcve.org/view.php?id=CVE-2006-1711
11 Apr 2006 — Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. • https://www.exploit-db.com/exploits/27630 •