Page 5 of 66 results (0.006 seconds)

CVSS: 5.0EPSS: 0%CPEs: 65EXPL: 1

Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). Zope anterior a 2.13.19, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, no resiembra el generador de números seudo aleatorios (PRNG), lo que facilita a atacantes remotos adivinar el valor a través de vectores no especificados. NOTA: este problema fue dividido (SPLIT) de CVE-2012-5508 debido a tipos diferentes de vulnerabilidades (ADT2). • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://bugs.launchpad.net/zope2/+bug/1071067 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121124 https://plone.org/products/plone/security/advisories/20121106/24 • CWE-310: Cryptographic Issues •

CVSS: 8.5EPSS: 0%CPEs: 72EXPL: 0

gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. gtbn.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos permisos evadir el sandbox de Python y ejecutar código Python arbitrario a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/09 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.5EPSS: 0%CPEs: 72EXPL: 0

The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. La función sandbox whitelisting (allowmodule.py) en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos privilegios evadir la restricción sandbox de Python y ejecutar código Python arbitrario a través de vectores relacionados con la importación. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/03 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 5.0EPSS: 0%CPEs: 72EXPL: 0

ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. ftp.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer el contenido de carpetas escondidas a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/19 •

CVSS: 5.0EPSS: 0%CPEs: 49EXPL: 0

kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL. kupu_spellcheck.py en Kupu en Plone anterior a 4.0 permite a atacantes remotos causar una denegación de servicio (bloqueo del hilo ZServer) a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 https://github.com/plone/Products.CMFPlone/blob/4.2.3/docs/CHANGES.txt https://plone.org/products/plone-hotfix/releases/20121106 https://plone.org/products/plone/security/advisories/20121106/12 • CWE-399: Resource Management Errors •