CVE-2013-7061
https://notcve.org/view.php?id=CVE-2013-7061
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API. Products/CMFPlone/CatalogTool.py en Plone 3.3 hasta 4.3.2 permite a administradores remotos evadir restricciones y obtener información sensible a través de una API de búsqueda no especificada. • http://www.openwall.com/lists/oss-security/2013/12/10/15 http://www.openwall.com/lists/oss-security/2013/12/12/3 https://plone.org/security/20131210/catalogue-exposure • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-7060
https://notcve.org/view.php?id=CVE-2013-7060
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. Products/CMFPlone/FactoryTool.py en Plone 3.3 hasta 4.3.2 permite a atacantes remotos obtener la ruta de instalación a través de vectores relacionados con un objeto de archivo para documentación no especificada que es inicializada en el ámbito de clase. • http://www.openwall.com/lists/oss-security/2013/12/10/15 http://www.openwall.com/lists/oss-security/2013/12/12/3 https://plone.org/security/20131210/path-leak • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2013-4195
https://notcve.org/view.php?id=CVE-2013-4195
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en (1) marmoset_patch.py, (2) publish.py y (3) principiaredirect.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos redirigir usuarios a sitios web arbitrarios y realizar ataques de phishing a través de vectores no especificados. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978471 • CWE-20: Improper Input Validation •
CVE-2013-4191
https://notcve.org/view.php?id=CVE-2013-4191
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive. zip.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no fuerza debidamente restricciones de acceso cuando involucra contenido en un archivo zip, lo que permite a atacantes remotos obtener información sensible mediante la lectura de un archivo generado. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978453 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2013-4192
https://notcve.org/view.php?id=CVE-2013-4192
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors. sendto.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a usuarios remotos autenticados falsificar emails a través de vectores no especificados. • http://plone.org/products/plone-hotfix/releases/20130618 http://plone.org/products/plone/security/advisories/20130618-announcement http://seclists.org/oss-sec/2013/q3/261 https://bugzilla.redhat.com/show_bug.cgi?id=978464 • CWE-20: Improper Input Validation •