Vulnerabilities > Plone > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-02-03 | CVE-2011-0720 | Remote Security Bypass vulnerability in Plone Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, luci, and possibly other products, allows remote attackers to obtain administrative access, read or create arbitrary content, and change the site skin via unknown vectors. | 7.5 |
| 2008-03-20 | CVE-2008-1395 | Improper Authentication vulnerability in Plone CMS Plone CMS does not record users' authentication states, and implements the logout feature solely on the client side, which makes it easier for context-dependent attackers to reuse a logged-out session. | 7.5 |
| 2008-03-20 | CVE-2008-1394 | Credentials Management vulnerability in Plone CMS Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the network. | 7.5 |
| 2007-11-07 | CVE-2007-5741 | Code Injection vulnerability in Plone Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes. | 7.5 |