CVSS: 8.8EPSS: 0%CPEs: 47EXPL: 3CVE-2015-7293 – Zope Management Interface 4.3.7 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2015-7293
07 Oct 2015 — Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x. Existen múltiples vulnerabilidades de Cross-Site Request Forgery (CSRF) en Zope Management Interface 4.3.7 y anteriores, así como en Plone en versiones anteriores a la 5.x. Zope Management Interface version 4.3.7 suffers from a cross site request forgery vulnerability. • https://packetstorm.news/files/id/133889 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 65EXPL: 1CVE-2012-6661
https://notcve.org/view.php?id=CVE-2012-6661
03 Nov 2014 — Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due to different vulnerability types (ADT2). Zope anterior a 2.13.19, utilizado en Plone anterior a 4.2.3 y 4.3 anterior a beta 1, no resiembra el generador de números seudo aleatorios (PRNG), lo que facilita a atacantes remotos adivinar el valor... • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-310: Cryptographic Issues •
CVSS: 5.3EPSS: 1%CPEs: 64EXPL: 1CVE-2012-5508
https://notcve.org/view.php?id=CVE-2012-5508
03 Nov 2014 — The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope. Las páginas de errores en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permiten a atacantes remotos obtener números aleatorios y derivar el estado PRNG para la restablecimiento de contras... • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5506
https://notcve.org/view.php?id=CVE-2012-5506
30 Sep 2014 — python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una solicitud de alimentación RSS para una carpeta al cual el usuario no tiene permiso de acceso. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-399: Resource Management Errors •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5503
https://notcve.org/view.php?id=CVE-2012-5503
30 Sep 2014 — ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. ftp.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer el contenido de carpetas escondidas a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5495
https://notcve.org/view.php?id=CVE-2012-5495
30 Sep 2014 — python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." python_scripts.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos ejecutar código Python a través de una URL manipulada, relacionado con 'go_back.' • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5487
https://notcve.org/view.php?id=CVE-2012-5487
30 Sep 2014 — The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. La función sandbox whitelisting (allowmodule.py) en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos privilegios evadir la restricción sandbox de Python y ejecutar código Python arbitrario a través de... • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5501
https://notcve.org/view.php?id=CVE-2012-5501
30 Sep 2014 — at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. at_download.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer BLOBs arbitrarios (ficheros y imágenes) almacenados en tipos de contenidos personalizados a través de una URL manipulada. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.3EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5505
https://notcve.org/view.php?id=CVE-2012-5505
30 Sep 2014 — atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. atat.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a atacantes remotos leer estructuras de datos privados a través de una solicitud para una visualización sin nombre. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.5EPSS: 0%CPEs: 72EXPL: 0CVE-2012-5493
https://notcve.org/view.php?id=CVE-2012-5493
30 Sep 2014 — gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. gtbn.py en Plone anterior a 4.2.3 y 4.3 anterior a beta 1 permite a usuarios remotos autenticados con ciertos permisos evadir el sandbox de Python y ejecutar código Python arbitrario a través de vectores no especificados. • http://www.openwall.com/lists/oss-security/2012/11/10/1 • CWE-94: Improper Control of Generation of Code ('Code Injection') •