|
292451
|
- |
|
plone
|
plone
|
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the …
|
CWE-200
Information Exposure
|
CVE-2013-4194
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292452
|
- |
|
plone
|
plone
|
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4192
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292453
|
- |
|
plone
|
plone
|
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4191
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292454
|
- |
|
plone
|
plone
|
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users w…
|
NVD-CWE-noinfo
|
CVE-2013-4189
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292455
|
- |
|
plone
|
plone
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4190
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292456
|
- |
|
plone
|
plone
|
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource cons…
|
CWE-399
Resource Management Errors
|
CVE-2013-4188
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292457
|
- |
|
apache
debian
oracle
|
tomcat
debian_linux
solaris
|
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 allows attackers to obtain "Tomcat internals" information by leveraging the presence of an untrusted web application with a c…
|
CWE-200
Information Exposure
|
CVE-2013-4590
|
2024-11-21 10:55 |
2014-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292458
|
- |
|
apache
|
tomcat
|
Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before 8.0.0-RC10 processes chunked transfer coding without properly handling (1) a large total amount of chunked data or (2) whitespace charac…
|
CWE-20
Improper Input Validation
|
CVE-2013-4322
|
2024-11-21 10:55 |
2014-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292459
|
- |
|
apache
|
tomcat
|
Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before 8.0.0-RC3, when an HTTP connector or AJP connector is used, does not properly handle certain inconsistent HTTP request headers, which al…
|
CWE-20
Improper Input Validation
|
CVE-2013-4286
|
2024-11-21 10:55 |
2014-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292460
|
- |
|
feep
|
libtar
|
Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a .. (d…
|
CWE-22
Path Traversal
|
CVE-2013-4420
|
2024-11-21 10:55 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
