Total
104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2007-5741 | 1 Plone | 1 Plone | 2024-11-21 | 7.5 HIGH | N/A |
| Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | |||||
| CVE-2006-4249 | 1 Plone | 1 Plone | 2024-11-21 | 4.3 MEDIUM | N/A |
| Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group." | |||||
| CVE-2006-4247 | 1 Plone | 1 Plone | 2024-11-21 | 6.4 MEDIUM | N/A |
| Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | |||||
| CVE-2006-1711 | 1 Plone | 1 Plone | 2024-11-21 | 5.0 MEDIUM | N/A |
| Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. | |||||