CVE-2007-5741 Information

Description

Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module which the module unpickles and executes.

Reference

http://osvdb.org/42071 http://osvdb.org/42072 http://plone.org/about/security/advisories/cve-2007-5741 http://secunia.com/advisories/27530 http://secunia.com/advisories/27559 http://www.debian.org/security/2007/dsa-1405 http://www.securityfocus.com/archive/1/483343/100/0/threaded http://www.securityfocus.com/bid/26354 http://www.vupen.com/english/advisories/2007/3754 https://exchange.xforce.ibmcloud.com/vulnerabilities/38288