Vulnerabilities > Plone > Plone > 4.2.0.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-09-30 | CVE-2012-5507 | Race Condition vulnerability in multiple products: AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation. | 4.3 |
2014-09-30 | CVE-2012-5506 | Resource Management Errors vulnerability in Plone: python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (infinite loop) via an RSS feed request for a folder the user does not have permission to access. | 5.0 |
2014-09-30 | CVE-2012-5505 | Information Exposure vulnerability in Plone: atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name. | 5.0 |
2014-09-30 | CVE-2012-5504 | Cross-Site Scripting vulnerability in Plone: Cross-site scripting (XSS) vulnerability in widget_traversal.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2014-09-30 | CVE-2012-5503 | Unspecified vulnerability in Plone: ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read hidden folder contents via unspecified vectors. | 5.0 |
2014-09-30 | CVE-2012-5502 | Cross-Site Scripting vulnerability in Plone: Cross-site scripting (XSS) vulnerability in safe_html.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with permissions to edit content to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2014-09-30 | CVE-2012-5501 | Permissions, Privileges, and Access Controls vulnerability in Plone: at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read arbitrary BLOBs (Files and Images) stored on custom content types via a crafted URL. | 5.0 |
2014-09-30 | CVE-2012-5495 | Code Injection vulnerability in Plone: python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." | 5.0 |
2014-09-30 | CVE-2012-5494 | Cross-Site Scripting vulnerability in Plone: Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to "{u,}translate." | 4.3 |
2014-09-30 | CVE-2012-5493 | Code Injection vulnerability in Plone: gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. | 8.5 |