CVSS: 5.3EPSS: 0%CPEs: 33EXPL: 0CVE-2013-7060
https://notcve.org/view.php?id=CVE-2013-7060
02 May 2014 — Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope. Products/CMFPlone/FactoryTool.py en Plone 3.3 hasta 4.3.2 permite a atacantes remotos obtener la ruta de instalación a través de vectores relacionados con un objeto de archivo para documentación no especificada que es inicializada en el ámbito de clase. • http://www.openwall.com/lists/oss-security/2013/12/10/15 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4196
https://notcve.org/view.php?id=CVE-2013-4196
11 Mar 2014 — The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request. La implementación object manager (objectmanager.py) en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no restringe debidamente acceso a los métodos internos, lo que permite a atacantes remotos obtener información sensible a través de un... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.8EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4195
https://notcve.org/view.php?id=CVE-2013-4195
11 Mar 2014 — Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. Múltiples vulnerabilidades de redirección abierta en (1) marmoset_patch.py, (2) publish.py y (3) principiaredirect.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos redi... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4193
https://notcve.org/view.php?id=CVE-2013-4193
11 Mar 2014 — typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers to hide fields on the forms via a crafted URL. typeswidget.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no fuerza debidamente la configuración inmutable en formularios de editar contenido no especificados, lo que permite a atacantes remotos esconder campos en los formularios a través de una U... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.5EPSS: 1%CPEs: 52EXPL: 0CVE-2013-4199
https://notcve.org/view.php?id=CVE-2013-4199
11 Mar 2014 — (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) via a large zip archive, which is expanded (decompressed). (1) cb_decode.py y (2) linkintegrity.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a usuarios remotos autenticados causar una denegación de servicio (consumo de recursos) a través de un archivo zip grande, el cual es expandido ... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4189
https://notcve.org/view.php?id=CVE-2013-4189
11 Mar 2014 — Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users with administrator access to a subtree to access nodes above the subtree via unknown vectors. Múltiples vulnerabilidades no especificadas en (1) dataitems.py, (2) get.py y (3) traverseName.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a usuarios remotos autenticados con acceso administ... • http://plone.org/products/plone-hotfix/releases/20130618 •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4194
https://notcve.org/view.php?id=CVE-2013-4194
11 Mar 2014 — The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message. El componente WYSIWYG (wysiwyg.py) en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a atacantes remotos obtener información sensible a través de una URL manipulada, lo que revela la ruta de instalación en un mensaje de error. • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4188
https://notcve.org/view.php?id=CVE-2013-4188
11 Mar 2014 — traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource consumption) via unspecified vectors related to "retrieving information for certain resources." traverser.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permite a atacantes remotos con privilegios de administrador causar una denegación de servicio (bucle infinito y consumo de recursos) a través de ... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-399: Resource Management Errors •
CVSS: 5.8EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4191
https://notcve.org/view.php?id=CVE-2013-4191
11 Mar 2014 — zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive. zip.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 no fuerza debidamente restricciones de acceso cuando involucra contenido en un archivo zip, lo que permite a atacantes remotos obtener información sensible mediante la lectura de un ar... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 52EXPL: 0CVE-2013-4190
https://notcve.org/view.php?id=CVE-2013-4190
11 Mar 2014 — Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) spamProtect.py, (2) pts.py y (3) request.py en Plone 2.1 hasta 4.1, 4.2.x hasta 4.2.5 y 4.3.x hasta 4.3.1 permiten a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especific... • http://plone.org/products/plone-hotfix/releases/20130618 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •