zenwryly

3 exploits Active since Sep 2014
CVE-2012-5489 WRITEUP WRITEUP
Zope <2.12.21, <3.13.x - Privilege Escalation
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
CVE-2012-5493 WRITEUP WRITEUP
Plone <4.2.3, <4.3 - Beta 1 - Auth Bypass
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
CVE-2012-5496 WRITEUP WRITEUP
Kupu <4.0 - DoS
kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers to cause a denial of service (ZServer thread lock) via a crafted URL.