Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope zope 2.5.1 vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2021-33507
Zope Products.CMFCore prior to 2.5.1 and Products.PluggableAuthService prior to 2.6.2, as used in Plone up to and including 5.2.4 and other products, allow Reflected XSS.
Plone Plone
Zope Zope
NA
CVE-2012-6661
Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote malicious users to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due ...
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
Plone Plone 2.0.3
Plone Plone 1.0.4
Plone Plone 3.3.2
NA
CVE-2012-5508
The error pages in Plone prior to 4.2.3 and 4.3 before beta 1 allow remote malicious users to obtain random numbers and derive the PRNG state for password resets via unspecified vectors. NOTE: this identifier was SPLIT per ADT2 due to different vulnerability types. CVE-2012-6661 ...
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
Plone Plone 2.0.3
Plone Plone 1.0.4
Plone Plone 3.3.2
NA
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 prior to 2.13.19, as used in Plone prior to 4.3 beta 1, allows remote malicious users to inject arbitrary HTTP headers via a linefeed (LF) character.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
NA
CVE-2012-5507
AccessControl/AuthEncoding.py in Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote malicious users to obtain passwords via vectors involving timing discrepancies in password validation.
Zope Zope 2.8.8
Zope Zope 2.10.8
Zope Zope 2.7.0
Zope Zope 2.11.1
Zope Zope 2.11.3
Zope Zope 2.9.2
Zope Zope 2.7.6
Zope Zope 2.9.4
Zope Zope 2.9.5
Zope Zope 2.7.5
Zope Zope 2.11.2
Zope Zope 2.11.0
Zope Zope 2.7.3
Zope Zope 2.13.18
Zope Zope 2.8.6
Zope Zope 2.9.7
Zope Zope 2.7.4
Zope Zope 2.9.6
Zope Zope 2.9.3
Zope Zope 2.10.3
Zope Zope 2.8.1
Zope Zope 2.6.4
NA
CVE-2012-5489
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope prior to 2.12.21 and 3.13.x prior to 2.13.11, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
NA
CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and previous versions, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
Zope Zope 2.0.0b6
Zope Zope 2.7.3-final
Zope Zope 2.4.0
Zope Zope 2.2.0b2
Zope Zope 2.7.3-b2
Zope Zope 2.7.0-final
Zope Zope 2.2.1
Zope Zope 2.7.4-b2
Zope Zope 2.3.1
Zope Zope 2.8.8
Zope Zope 2.2.0b4
Zope Zope 1.10.3
Zope Zope 2.7.4-c1
Zope Zope 2.10.5
Zope Zope 2.4.4b1
Zope Zope 2.8.9.1
Zope Zope 2.2.0
Zope Zope 2.1.2
Zope Zope 2.0.0b5
Zope Zope 2.3.0b3
Zope Zope 2.7.0-b2
Zope Zope 1.10.4
1 EDB exploit
NA
CVE-2007-5741
Plone 2.5 up to and including 2.5.4 and 3.0 up to and including 3.0.2 allows remote malicious users to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Plone Plone 2.5 Beta1
Plone Plone 3.0.1
Plone Plone 3.0
Plone Plone 2.5.4
Plone Plone 2.5.1
Plone Plone 2.5
Plone Plone 2.5.1 Rc
Plone Plone 3.0.2
NA
CVE-2002-0687
The "through the web code" capability for Zope 2.0 up to and including 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Zope Zope
NA
CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 up to and including 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Zope Zope 2.4.0
Zope Zope 2.5.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »