3.3.4 * * * : Security Vulnerabilities Published In 2014 (Gain Information)

Cpe Name:cpe:2.3:a:plone:plone:3.3.4:*:*:*:*:*:*:*

2014 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2013-7061	264	Bypass +Info	2014-05-02	2014-06-30	5.5	None	Remote	Low	???	Partial	Partial	None
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
2	CVE-2013-7060	200	+Info	2014-05-02	2014-06-30	5.0	None	Remote	Low	Not required	Partial	None	None
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initialized in class scope.
3	CVE-2013-4196	264	+Info	2014-03-11	2014-03-12	5.0	None	Remote	Low	Not required	Partial	None	None
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote attackers to obtain sensitive information via a crafted request.
4	CVE-2013-4194	200	+Info	2014-03-11	2014-03-12	4.3	None	Remote	Medium	Not required	Partial	None	None
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the installation path in an error message.
5	CVE-2013-4191	264	+Info	2014-03-11	2014-03-12	5.8	None	Remote	Medium	Not required	Partial	Partial	None
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to obtain sensitive information by reading a generated archive.
6	CVE-2012-5508	200	+Info	2014-11-03	2014-11-05	5.0	None	Remote	Low	Not required	Partial	None	None
The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow remote attackers to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 was assigned for the PRNG reseeding issue in Zope.
7	CVE-2012-5505	200	+Info	2014-09-30	2014-10-02	5.0	None	Remote	Low	Not required	Partial	None	None
atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to read private data structures via a request for a view without a name.
8	CVE-2012-5497	200	+Info	2014-09-30	2014-10-10	5.0	None	Remote	Low	Not required	Partial	None	None
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
9	CVE-2012-5492	200	+Info	2014-09-30	2014-10-01	5.0	None	Remote	Low	Not required	Partial	None	None
uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to obtain metadata about hidden objects via a crafted URL.
10	CVE-2012-5491	200	+Info	2014-09-30	2014-10-01	4.3	None	Remote	Medium	Not required	Partial	None	None
z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and the element id.

Total number of vulnerabilities : 10 Page : 1 (This Page)