| CVE-2011-3587 |
critical |
— |
10.0 |
|
|
|
15y ago |
Zope Command Execution Vulnerability |
| CVE-2011-2528 |
high |
— |
7.5 |
|
|
|
15y ago |
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privi… |
| CVE-2012-5489 |
medium |
— |
6.5 |
|
|
|
12y ago |
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to g… |
| CVE-2012-5486 |
medium |
— |
6.4 |
|
|
|
8y ago |
ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. |
| CVE-2009-5145 |
medium |
6.1 |
6.1 |
|
|
|
4y ago |
Cross-site scripting (XSS) vulnerability in ZMI pages that use the manage_tabs_message in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12. |
| CVE-2012-6661 |
medium |
— |
5.0 |
|
|
|
8y ago |
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via … |
| CVE-2012-5507 |
medium |
— |
4.3 |
|
|
|
8y ago |
AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in pa… |
| CVE-2010-1104 |
medium |
— |
4.3 |
|
|
|
16y ago |
Moderate severity vulnerability that affects Zope2 |
