Vulnerabilities > Plone

DATE | CVE | VULNERABILITY TITLE | RISK

2007-11-07 | CVE-2007-5741 | Code Injection vulnerability in Plone | 7.5
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
network, low complexity, plone, CWE-94

2006-12-07 | CVE-2006-4249 | Group Spoofing vulnerability in Plone 2.5/2.5.1 | 4.3
Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group."
network, plone

2006-09-29 | CVE-2006-4247 | Remote Security vulnerability in Plone | 6.4
Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
network, low complexity, plone

2006-04-11 | CVE-2006-1711 | Unspecified vulnerability in Plone 2.0.5/2.1.2/2.5Beta1 | 5.0
Plone 2.0.5, 2.1.2, and 2.5-beta1 do not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.
network, low complexity, plone