|
295651
|
- |
|
schneems
|
wicked
|
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot sl…
|
CWE-22
Path Traversal
|
CVE-2013-4413
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295652
|
- |
|
plone
|
plone
|
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password emai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4198
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295653
|
- |
|
plone
|
plone
|
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v…
|
CWE-20
Improper Input Validation
|
CVE-2013-4199
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295654
|
- |
|
plone
|
plone
|
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4197
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295655
|
- |
|
plone
|
plone
|
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac…
|
CWE-20
Improper Input Validation
|
CVE-2013-4195
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295656
|
- |
|
plone
|
plone
|
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4196
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295657
|
- |
|
plone
|
plone
|
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4193
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295658
|
- |
|
plone
|
plone
|
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the …
|
CWE-200
Information Exposure
|
CVE-2013-4194
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295659
|
- |
|
plone
|
plone
|
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4192
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295660
|
- |
|
plone
|
plone
|
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4191
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
