Vulnerabilities > Plone > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-07 | CVE-2006-4249 | Group Spoofing vulnerability in Plone 2.5/2.5.1 Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group." network plone | 4.3 |
| 2006-09-29 | CVE-2006-4247 | Remote Security vulnerability in Plone Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration." | 6.4 |
| 2006-04-11 | CVE-2006-1711 | Unspecified vulnerability in Plone 2.0.5/2.1.2/2.5Beta1 Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. | 5.0 |