Plone » Plone » 3.3.4 * * * : Security Vulnerabilities Published In 2014 (Execute Code)
Cpe Name:
cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*
# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2012-5495 |
94 |
|
Exec Code |
2014-09-30 |
2014-10-02 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to "go_back." |
2 |
CVE-2012-5493 |
94 |
|
Exec Code Bypass |
2014-09-30 |
2014-10-01 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors. |
3 |
CVE-2012-5488 |
94 |
|
Exec Code |
2014-09-30 |
2014-10-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. |
4 |
CVE-2012-5487 |
264 |
|
Exec Code Bypass |
2014-09-30 |
2014-10-01 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing. |
5 |
CVE-2012-5485 |
94 |
|
Exec Code |
2014-09-30 |
2014-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. |
Total number of vulnerabilities :
5
Page :
1
(This Page)