tilda.com Improper Access Control vulnerability OBB-2359421

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-38696

SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers to access signature files on the application without any authentication...

diamondinvestmentestates.com Improper Access Control vulnerability OBB-2298605

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

vixcare.com Improper Access Control vulnerability OBB-2268167

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

yourlocaloffer.com Improper Access Control vulnerability OBB-2268099

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

livonialibrary.org Improper Access Control vulnerability OBB-2252407

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

weddingmatters.com.au Improper Access Control vulnerability OBB-2234736

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

weguang-plaza.com Improper Access Control vulnerability OBB-2215011

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

mediummundi.pl Improper Access Control vulnerability OBB-2181585

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

invisiblearabs.com Improper Access Control vulnerability OBB-2173981

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

curlytales.com Improper Access Control vulnerability OBB-2168091

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Remote Code Execution via unsafe classes in otherwise permitted modules

Impact The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict...

GHSA-G4GQ-J4P2-J8FR Remote Code Execution via Script (Python) objects under Python 3

Impact Background: The optional add-on package Products.PythonScripts adds Script Python to the list of content items a user can add to the Zope object database. Inside these scripts users can write Python code that is executed when rendered through the web. The code environment in these script...

Remote Code Execution via Script (Python) objects under Python 3

Impact Background: The optional add-on package Products.PythonScripts adds Script Python to the list of content items a user can add to the Zope object database. Inside these scripts users can write Python code that is executed when rendered through the web. The code environment in these script...

Remote Code Execution via unsafe classes in otherwise permitted modules

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

Remote Code Execution (RCE)

Zope using the vulnerable versions of AccessControl is vulnerable to remote code execution. Untrusted users with the Zope Manager role are allowed to add/edit and execute the malicious scripts through the web...

Zope RCE Vulnerability (GHSA-g4gq-j4p2-j8fr)

Zope is prone to a remote code execution RCE vulnerability via Script Python objects under Python 3. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...

CVE-2021-32807

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

CVE-2021-32807

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...

PYSEC-2021-367

The module AccessControl defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of Script Python objects. The policies defined in AccessControl severely restrict access to...