CVE List - 2014 / September
Showing 1001 - 1100 of 1146 CVEs for September 2014 (Page 11 of 12)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2014-6416 | 2014-09-28 | Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, allows remote attackers to cause a denial of service (memory corruption and panic) or possibly have... |
| CVE-2014-6417 | 2014-09-28 | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly consider the possibility of kmalloc failure, which allows remote attackers to cause a denial of service... |
| CVE-2014-6418 | 2014-09-28 | net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, does not properly validate auth replies, which allows remote attackers to cause a denial of service (system crash) or... |
| CVE-2014-7145 | 2014-09-28 | The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and client system crash) or possibly... |
| CVE-2014-0205 | 2014-09-28 | The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial... |
| CVE-2014-2639 | 2014-09-28 | Unspecified vulnerability in HP MPIO Device Specific Module Manager before 4.02.00 allows local users to gain privileges via unknown vectors. |
| CVE-2014-3535 | 2014-09-28 | include/linux/netdevice.h in the Linux kernel before 2.6.36 incorrectly uses macros for netdev_printk and its related logging implementation, which allows remote attackers to cause a denial of service (NULL pointer dereference... |
| CVE-2014-7186 | 2014-09-28 | The redirection implementation in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or possibly have unspecified... |
| CVE-2014-7187 | 2014-09-28 | Off-by-one error in the read_token_word function in parse.y in GNU Bash through 4.3 bash43-026 allows remote attackers to cause a denial of service (out-of-bounds array access and application crash) or... |
| CVE-2014-6772 | 2014-09-29 | The United Educational CU (aka com.metova.cuae.uecu) application 1.0.27 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6773 | 2014-09-29 | The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6774 | 2014-09-29 | The USEK (aka com.university.usek) application 1.0.8 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6775 | 2014-09-29 | The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6776 | 2014-09-29 | The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application 1.7 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-6777 | 2014-09-29 | The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6778 | 2014-09-29 | The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6779 | 2014-09-29 | The Cart App (aka com.virtecha.mobilewallet) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6780 | 2014-09-29 | The MeiTalk (aka com.playjia.meitalk) application @7F060012 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6781 | 2014-09-29 | The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6782 | 2014-09-29 | The Abraham Tours (aka com.mytoursapp.android.app432) application 1.1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6783 | 2014-09-29 | The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain... |
| CVE-2014-6784 | 2014-09-29 | The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application 3.8.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6785 | 2014-09-29 | The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application 2.8.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6786 | 2014-09-29 | The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) application 1.2.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-6787 | 2014-09-29 | The Counter Intuition (aka com.counter.intuition) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6788 | 2014-09-29 | The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6789 | 2014-09-29 | The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6790 | 2014-09-29 | The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6791 | 2014-09-29 | The Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application 1.2.6.185 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6792 | 2014-09-29 | The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6793 | 2014-09-29 | The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6794 | 2014-09-29 | The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6795 | 2014-09-29 | The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application 3.9.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6796 | 2014-09-29 | The LocalSense (aka com.LocalSense) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6797 | 2014-09-29 | The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6798 | 2014-09-29 | The McMaster Marauders (aka com.weever.marauders) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6799 | 2014-09-29 | The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6800 | 2014-09-29 | The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6801 | 2014-09-29 | The frank matano (aka com.frank.matano) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6802 | 2014-09-29 | The First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynlr) application 2.8.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6803 | 2014-09-29 | The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-6804 | 2014-09-29 | The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application 4.5.110 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-3811 | 2014-09-29 | Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows and Junos Pulse Client before 4.0R6 allows local users to gain privileges via unspecified vectors. |
| CVE-2014-3820 | 2014-09-29 | Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3,... |
| CVE-2014-3823 | 2014-09-29 | The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r1, 7.4 before 7.4r5, and 7.1 before 7.1r18 allows remote attackers to conduct clickjacking attacks... |
| CVE-2014-3824 | 2014-09-29 | Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1... |
| CVE-2012-5619 | 2014-09-29 | The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name,... |
| CVE-2012-5621 | 2014-09-29 | lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. |
| CVE-2012-6107 | 2014-09-29 | Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers... |
| CVE-2012-6110 | 2014-09-29 | bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam... |
| CVE-2013-1874 | 2014-09-29 | Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory. |
| CVE-2013-2100 | 2014-09-29 | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary... |
| CVE-2013-2586 | 2014-09-29 | XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method. |
| CVE-2013-3064 | 2014-09-29 | Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the... |
| CVE-2013-3065 | 2014-09-29 | Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to... |
| CVE-2013-3066 | 2014-09-29 | Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. |
| CVE-2013-3068 | 2014-09-29 | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. |
| CVE-2013-3083 | 2014-09-29 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/system_setting.exe in Belkin F5D8236-4 v2 allows remote attackers to hijack the authentication of administrators for requests that open the remote management interface on arbitrary... |
| CVE-2013-3086 | 2014-09-29 | Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote... |
| CVE-2013-3089 | 2014-09-29 | Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. |
| CVE-2013-3092 | 2014-09-29 | The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. |
| CVE-2013-3632 | 2014-09-29 | The Cron service in rpc.php in OpenMediaVault allows remote authenticated users to execute cron jobs as arbitrary users and execute arbitrary commands via the username parameter. |
| CVE-2014-6805 | 2014-09-30 | The weibo (aka magic.weibo) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6806 | 2014-09-30 | The Thanodi - Setswana Translator (aka com.thanodi.thanodi) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6807 | 2014-09-30 | The OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application 1.2.7.132 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6808 | 2014-09-30 | The Active 24 (aka com.zentity.app.active24) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6810 | 2014-09-30 | The RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application 6.0.7.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6812 | 2014-09-30 | The Aloha Guide (aka com.aloha.guide.english) application 1.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6813 | 2014-09-30 | The klassens (aka com.mcreda.klassens.apps) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6814 | 2014-09-30 | The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) application 1.1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6815 | 2014-09-30 | The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6816 | 2014-09-30 | The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6817 | 2014-09-30 | The Cove (aka org.covechurch.app) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6818 | 2014-09-30 | The OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application 6.0.9.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6819 | 2014-09-30 | The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6820 | 2014-09-30 | The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6821 | 2014-09-30 | The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6822 | 2014-09-30 | The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6823 | 2014-09-30 | The kuailecaidengmi (aka com.licai.kuailecaidengmi) application 1.7.12.15 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6824 | 2014-09-30 | The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6825 | 2014-09-30 | The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application 1.4.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6826 | 2014-09-30 | The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-6827 | 2014-09-30 | The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6828 | 2014-09-30 | The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via... |
| CVE-2014-6829 | 2014-09-30 | The Hook (aka com.hook.android) application 0.9.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted... |
| CVE-2014-6830 | 2014-09-30 | The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application 2.14.40 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive... |
| CVE-2014-6831 | 2014-09-30 | The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6832 | 2014-09-30 | The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6833 | 2014-09-30 | The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6834 | 2014-09-30 | The Instaroid - Instagram Viewer (aka net.muik.instaroid) application 1.2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information... |
| CVE-2014-6835 | 2014-09-30 | The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6836 | 2014-09-30 | The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a... |
| CVE-2014-6278 | 2014-09-30 | GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary commands via a crafted environment, as... |
| CVE-2012-5485 | 2014-09-30 | registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via unspecified vectors, related to the admin interface. |
| CVE-2012-5486 | 2014-09-30 | ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character. |
| CVE-2012-5487 | 2014-09-30 | The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary... |
| CVE-2012-5488 | 2014-09-30 | python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to execute Python code via a crafted URL, related to createObject. |
| CVE-2012-5489 | 2014-09-30 | The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to... |
| CVE-2012-5490 | 2014-09-30 | Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2012-5491 | 2014-09-30 | z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain the default form field values by leveraging knowledge of the form location and... |