Plone » Plone » 3.3.6 : Security Vulnerabilities, CVEs, Published In 2014 (Information Leak) CVSS score >= 5
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
Max CVSS: 5.0; EPSS Score: 0.31%; Published: 2014-05-02; Updated: 2014-06-30
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
Max CVSS: 5.0; EPSS Score: 0.74%; Published: 2014-11-03; Updated: 2023-02-13
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
Max CVSS: 5.0; EPSS Score: 0.36%; Published: 2014-09-30; Updated: 2014-10-02
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
Max CVSS: 5.0; EPSS Score: 0.53%; Published: 2014-09-30; Updated: 2023-02-13
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
Max CVSS: 5.0; EPSS Score: 0.36%; Published: 2014-09-30; Updated: 2014-10-01
5 vulnerabilities found