CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2006-4247
https://notcve.org/view.php?id=CVE-2006-4247
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." Vulnerabilidad no especificada en el Password Reset Tool anterior a 0.4.1 sobre Plone 2.5 y 2.5.1 Release Candidate, permite a un atacante remoto reiniciar las contraseñas de otros usuarios, relacionado con "una declaración erronea de seguridad". • http://plone.org/about/security/advisories/cve-2006-4247 •
CVSS: 5.0EPSS: 14%CPEs: 3EXPL: 1CVE-2006-1711 – Plone 2.x - MembershipTool Access Control Bypass
https://notcve.org/view.php?id=CVE-2006-1711
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. • https://www.exploit-db.com/exploits/27630 http://dev.plone.org/plone/ticket/5432 http://secunia.com/advisories/19633 http://secunia.com/advisories/19640 http://www.debian.org/security/2006/dsa-1032 http://www.securityfocus.com/bid/17484 http://www.vupen.com/english/advisories/2006/1340 https://exchange.xforce.ibmcloud.com/vulnerabilities/25781 https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt •