Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2012-5500 | 4.3 |
The batch id change script (renameObjectsByPaths.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to change the titles of content items by leveraging a valid CSRF token in a crafted request.
|
13-02-2023 - 04:37 | 03-11-2014 - 22:55 | |
CVE-2012-5498 | 5.0 |
queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to bypass caching and cause a denial of service via a crafted request to a collection.
|
13-02-2023 - 04:37 | 30-09-2014 - 14:55 | |
CVE-2012-5497 | 5.0 |
membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to enumerate user account names via a crafted URL.
|
13-02-2023 - 04:36 | 30-09-2014 - 14:55 | |
CVE-2012-5488 | 5.0 |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject.
|
13-02-2023 - 04:36 | 30-09-2014 - 14:55 | |
CVE-2012-5486 | 6.4 |
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.
|
13-02-2023 - 04:36 | 30-09-2014 - 14:55 | |
CVE-2012-5485 | 6.8 |
registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface.
|
13-02-2023 - 04:35 | 30-09-2014 - 14:55 | |
CVE-2014-3521 | 5.5 |
The component in (1) /luci/homebase and (2) /luci/cluster menu in Red Hat Conga 0.12.2 allows remote authenticated users to bypass intended access restrictions via a crafted URL.
|
13-02-2023 - 00:40 | 06-10-2014 - 14:55 | |
CVE-2013-6496 | 5.0 |
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
|
13-02-2023 - 00:29 | 06-10-2014 - 14:55 | |
CVE-2012-5499 | 5.0 |
python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to cause a denial of service (memory consumption) via a large value, related to formatColumns.
|
13-02-2023 - 00:26 | 30-09-2014 - 14:55 |