Plone version 5.0.5 suffers from a cross site scripting vulnerability.
f23f365ad7be4890c9801cbb5c09c3060407d0b8d444fc6d52637f10df958c28
Plone CMS version 5.2.3 suffers from a persistent cross site scripting vulnerability.
8ae74e8ce03f77c2aacf762bcb74285351b79da04e86298c9c7fd3d677d930c8
Plone CMS versions 4.3.11 and below and versions 5.0.6 and below suffer from cross site scripting, open redirection, and path traversal vulnerabilities.
7eddc9c56db82733428ab5449f625b5f1fb7cded46d37d40ff878f1154123451
Red Hat Security Advisory 2014-1194-01 - The Conga project is a management system for remote workstations. It consists of luci, which is a secure web-based front end, and ricci, which is a secure daemon that dispatches incoming messages to underlying management modules. It was discovered that Plone, included as a part of luci, did not properly protect the administrator interface. A remote attacker could use this flaw to inject a specially crafted Python statement or script into Plone's restricted Python sandbox that, when the administrator interface was accessed, would be executed with the privileges of that administrator user.
d2b4a051b06967cb7e9e03441e16eaa7fdb2d3261a4d22c3444f5f96f9dca83e
Plone CMS suffers from a URL redirection credential disclosure vulnerability.
c8126f47351b05580931419b3561fe0a88c1f95cf8946c7dcd4656a6d3036dc7
Secunia Security Advisory - Some vulnerabilities have been reported in Plone, which can be exploited by malicious people to bypass certain security restrictions and compromise a vulnerable system.
b9f1b973d49d1d98aee72bb89245dac083d4cac44cba025f3ee585dcb9633775
Plown is a security scanner for Plone CMS. Although Plone has the best security track record of any major CMS and is considered highly secure, misconfigurations and weak passwords might enable system break-ins. Plown has been developed to ease the discovery of usernames and passwords, and act as an assistant to system administrators to strengthen their Plone sites.
49b65aa4f0f52ef71f03cc8968519322ebf0529377bec261d23cc1024bf2747e
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious people to cause a DoS (Denial of Service).
4a2ac19c6da13d24fad94b3772255813440486cb2bb53265c54ecf6462b2d393
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
d488e05390fc02274354b9eb2deb35cb28a9702082aeccf1b3d64435758ea353
Proof of concept code that demonstrates a remote command execution in Plone versions 4.0 through 4.0.9, 4.1, 4.2 (a1 and a2) and Zope versions 2.12.x and 2.13.x.
233198580f60b5c19807e7dc79ce1f1aaf6a9b1290ddd21adb2e624fea5f177d
Secunia Security Advisory - Two vulnerabilities have been reported in Plone, which can be exploited by malicious people to compromise a vulnerable system.
f8662c63e85559c5dcd95b3a2045d2da4a05f204647ace39ae6655b2c5ee4791
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious users to bypass certain security restrictions.
d54634d80561ac75bc6641bafcc3cd06e3a82bcdd0b2e84fdb98949a32899fcd
Secunia Security Advisory - Two vulnerabilities have been reported in Plone, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks.
1c424e324557afe248806d09fa2531c149ba420502f6c57bc130bc19d0927769
Secunia Security Advisory - Some vulnerabilities have been reported in Plone, which can be exploited by malicious users to bypass certain security restrictions and by malicious people to conduct cross-site scripting and script insertion attacks.
49f66b3908413a7d31d03fbf1e0dc579d48e39a800cb85950ee3731feefc3e82
A vulnerability in Plone versions 2.5 through 4.0 allows anonymous users to gain manager access to a Plone site.
79e092e1d534a28ffd0d9972fb4e03acfded23d325e25ac7e9e8c3348f2ed599
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious people to bypass certain security restrictions.
98d9151586e8b22ecdc43d37846ab67f9e08de4c6c8b5f97de290302826f4f2e
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious users to conduct script insertion attacks.
b57456f5a336327436d8bd084f042bd379bf21180b8df2060af63bfe488f18fb
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious people to conduct cross-site scripting attacks.
c7a930b8d66bf900ab5b2fa67c97229f3d595582e4eb88f2f527f5c5de18854e
Secunia Security Advisory - A vulnerability has been reported in Plone, which can be exploited by malicious users to bypass certain security restrictions.
7375f3a4a4e104345a94aa4a6cbdf7601c211c09dc123f932b8a8a3281b03935
Secunia Security Advisory - A vulnerability has been discovered in Plone, which can be exploited by malicious people to conduct cross-site request forgery attacks.
b6137148f4af59b27ac62f89c798f36b5d6e73d0093fc810c26d38f35f369bd3
The Plone CMS is susceptible to cross site request forgery attacks and suffers from other vulnerabilities such as credentials being stored in cookies, a lack of authentication state on the server side, and session cookies never changing.
9fa210737534dab70aad652659316b887c987b046c5b5aec3193ff894d27743d
Secunia Security Advisory - ilmila has discovered a vulnerability in Plone, which can be exploited by malicious users to conduct script insertion attacks.
c60b4e03e0f41e3ee6778530bc1a63f7d6559000300a2bcc34bf4663ef53fd96
Debian Security Advisory 1405-3 - The Plone developers discovered that their hotfix, released as DSA 1405, introduced two regressions. This update corrects these flaws. It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
f8c4cb7b087f9f2293e88fb37d88e5ff7d90d653a0b0d0fe36cda51d032dbfb8
Secunia Security Advisory - Debian has issued an update for zope-cmfplone. This fixes some vulnerabilities, which can be exploited by malicious people to compromise a vulnerable system.
376557c77bbb66154df16a680a576333870344cab046cf83ecfa4511c0ca93de
Debian Security Advisory 1405-2 - The zope-cmfplone update in DSA 1405 introduced a regression. This update corrects this flaw.
ddc8f5f88eaa01e22eab6126f2db39030335bd7cbeb0ff18da4430ea7846a392
Debian Security Advisory 1405-1 - It was discovered that Plone, a web content management system, allows remote attackers to execute arbitrary code via specially crafted web browser cookies.
1936591490d4ba176fbd6f30549f59a2e90f8563ff20ca2609dfd1e68267d95b