258681
|
- |
|
plone
|
plone
|
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4196
|
2014-03-12 10:37 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258682
|
- |
|
plone
|
plone
|
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac…
|
CWE-20
Improper Input Validation
|
CVE-2013-4195
|
2014-03-12 10:30 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258683
|
- |
|
plone
|
plone
|
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the …
|
CWE-200
Information Exposure
|
CVE-2013-4194
|
2014-03-12 10:28 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258684
|
- |
|
plone
|
plone
|
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4193
|
2014-03-12 10:24 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258685
|
- |
|
plone
|
plone
|
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4192
|
2014-03-12 10:22 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258686
|
- |
|
plone
|
plone
|
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4191
|
2014-03-12 10:10 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258687
|
- |
|
plone
|
plone
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4190
|
2014-03-12 10:06 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258688
|
- |
|
plone
|
plone
|
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users w…
|
NVD-CWE-noinfo
|
CVE-2013-4189
|
2014-03-12 10:02 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258689
|
- |
|
plone
|
plone
|
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource cons…
|
CWE-399
Resource Management Errors
|
CVE-2013-4188
|
2014-03-12 09:59 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258690
|
- |
|
umi-cms
|
umi.cms
|
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator ac…
|
CWE-352
Origin Validation Error
|
CVE-2013-2754
|
2014-03-12 09:47 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|