CVSS: 6.5EPSS: 0%CPEs: 109EXPL: 0CVE-2012-5489
https://notcve.org/view.php?id=CVE-2012-5489
30 Sep 2014 — The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors. La función App.Undo.UndoSupport.get_request_var_or_attr en Zope anterior a 2.12.21 y 3.13.x anterior a 2.13.11, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a usuarios remotos autenticados ganar el acceso a atributos restringido... • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5490
https://notcve.org/view.php?id=CVE-2012-5490
30 Sep 2014 — Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en kssdevel.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5491
https://notcve.org/view.php?id=CVE-2012-5491
30 Sep 2014 — z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id. z3c.form, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, permite a atacantes remotos obtener los valores de los campos de formularios por defecto medinate el aprovechamiento de conocimientos de la localización de formularios y el elemento id. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5492
https://notcve.org/view.php?id=CVE-2012-5492
30 Sep 2014 — uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL. uid_catalog.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos obtener metadatos sobre objetos escondidos a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5493
https://notcve.org/view.php?id=CVE-2012-5493
30 Sep 2014 — gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. gtbn.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos permisos evadir el sandbox de Python y ejecutar código Python arbitrario a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5494
https://notcve.org/view.php?id=CVE-2012-5494
30 Sep 2014 — Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." Vulnerabilidad de XSS en python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, relacionado con '{u,}translate.' • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5495
https://notcve.org/view.php?id=CVE-2012-5495
30 Sep 2014 — python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar código Python a través de una URL manipulada, relacionado con 'go_back.' • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 49EXPL: 0CVE-2012-5496
https://notcve.org/view.php?id=CVE-2012-5496
30 Sep 2014 — kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. kupu_spellcheck.py en Kupu en Plone anterior a 4.0 permite a atacantes remotos causar una denegación de servicio (bloqueo del hilo ZServer) a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5501
https://notcve.org/view.php?id=CVE-2012-5501
30 Sep 2014 — at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. at_download.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer BLOBs arbitrarios (ficheros y imágenes) almacenados en tipos de contenidos personalizados a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5502
https://notcve.org/view.php?id=CVE-2012-5502
30 Sep 2014 — Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en safe_html.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •