plone plone vulnerabilities and exploits
10
CVSSv2
CVE-2020-35190
The official plone Docker images before version 4.3.18-alpine (Alpine specific) contain a blank password for a root user. Systems using the plone Docker container deployed by affected versions of the Docker image may allow a remote malicious user to achieve root access with a b...
Plone Plone
10
CVSSv2
CVE-2008-1393
Plone CMS 3.0.5, and probably other 3.x versions, places a base64 encoded form of the username and password in the __ac cookie for the admin account, which makes it easier for remote malicious users to obtain administrative privileges by sniffing the network.
Plone Plone Cms
9.3
CVSSv2
CVE-2011-3587
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2, allows remote malicious users to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python mod...
Zope Zope 2.12.9
Zope Zope 2.12.13
Zope Zope 2.12.2
Zope Zope 2.12.0
Zope Zope 2.12.17
Zope Zope 2.12.15
Zope Zope 2.13.0
Zope Zope 2.13.1
Plone Plone 4.0.8
Plone Plone 4.0.1
Plone Plone 4.1
Plone Plone 4.2
Zope Zope 2.12.12
Zope Zope 2.12.14
Zope Zope 2.12.18
Zope Zope 2.12.6
Zope Zope 2.13.2
Zope Zope 2.12.19
Zope Zope 2.12.20
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 4.2a2
1 EDB exploit
9.3
CVSSv2
CVE-2011-4030
The CMFEditions component 2.x in Plone 4.0.x up to and including 4.0.9, 4.1, and 4.2 up to and including 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote malicious users to access sub-objects via unspecified vectors, a different vulner...
Plone Cmfeditions 2.0b6
Plone Cmfeditions 2.0b7
Plone Cmfeditions 2.0b8
Plone Plone 4.0.4
Plone Plone 4.0.6.1
Plone Plone 4.2a1
Plone Cmfeditions 2.0a1
Plone Cmfeditions 2.0b1
Plone Cmfeditions 2.0b9
Plone Plone 4.0.1
Plone Plone 4.0.7
Plone Plone 4.0.9
Plone Cmfeditions 2.0b4
Plone Cmfeditions 2.0b5
Plone Plone 4.0.5
Plone Plone 4.0
Plone Plone 4.2a2
Plone Plone 4.2
Plone Cmfeditions 2.0b2
Plone Cmfeditions 2.0b3
Plone Plone 4.0.3
Plone Plone 4.0.2
8.5
CVSSv2
CVE-2021-33509
Plone up to and including 5.2.4 allows remote authenticated managers to perform disk I/O via crafted keyword arguments to the ReStructuredText transform in a Python script.
Plone Plone
8.5
CVSSv2
CVE-2012-5487
The sandbox whitelisting function (allowmodule.py) in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
Plone Plone 1.0
Plone Plone 1.0.1
Plone Plone 1.0.2
Plone Plone 2.1.2
Plone Plone 2.1.3
Plone Plone 2.1.4
Plone Plone 2.5
Plone Plone 3.1.1
Plone Plone 3.1.2
Plone Plone 3.1.3
Plone Plone 3.1.4
Plone Plone 4.0
Plone Plone 4.0.1
Plone Plone 4.0.2
Plone Plone 4.0.3
Plone Plone 4.2
Plone Plone 4.2.0.1
Plone Plone 4.2.1.1
Plone Plone 4.2.1
Plone Plone 2.0
Plone Plone 2.0.1
Plone Plone 2.0.2
8.5
CVSSv2
CVE-2012-5493
gtbn.py in Plone prior to 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
Plone Plone 4.3
Plone Plone
Plone Plone 4.2.1
Plone Plone 4.2.1.1
Plone Plone 4.0.6.1
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 3.1.7
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
Plone Plone 2.5.3
Plone Plone 4.2
Plone Plone 3.3.4
Plone Plone 3.3.3
Plone Plone 3.3.2
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.0.6
Plone Plone 3.0.5
Plone Plone 3.0.4
7.5
CVSSv2
CVE-2020-7941
A privilege escalation issue in plone.app.contenttypes in Plone 4.3 up to and including 5.2.1 allows users to PUT (overwrite) some content without needing write permission.
Plone Plone
7.5
CVSSv2
CVE-2016-4041
Plone 4.0 up to and including 5.1a1 does not have security declarations for Dexterity content-related WebDAV requests, which allows remote malicious users to gain webdav access via unspecified vectors.
Plone Plone 5.0
Plone Plone 5.0.4
Plone Plone 4.3.9
Plone Plone 4.3.7
Plone Plone 4.3
Plone Plone 4.2.6
Plone Plone 4.2.1
Plone Plone 4.1.6
Plone Plone 4.1.4
Plone Plone 4.0.10
Plone Plone 4.0.8
Plone Plone 4.0
Plone Plone 5.0.3
Plone Plone 5.0.2
Plone Plone 5.0.1
Plone Plone 4.2.5
Plone Plone 4.2.4
Plone Plone 4.2.3
Plone Plone 4.2.2
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
7.5
CVSSv2
CVE-2011-2528
Unspecified vulnerability in (1) Zope 2.12.x prior to 2.12.19 and 2.13.x prior to 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows malicious users to gain privileges via unspecified vectors, related to a "highly serious vulner...
Plone Plone Hotfix 20110720
Plone Plone 3.1.4
Plone Plone 3.1.3
Plone Plone 3.1.2
Plone Plone 3.1.1
Plone Plone 3.1
Plone Plone 3.0.3
Plone Plone 3.0.4
Plone Plone 3.0.5
Plone Plone 3.0
Plone Plone 3.1.6
Plone Plone 3.0.6
Plone Plone 3.3.1
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 3.0.2
Plone Plone 3.3.6
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.2.1
Plone Plone 3.2
Plone Plone 3.1.5.1