78 matches found
FreeBSD : trac -- reStructuredText breach of privacy and denial of service vulnerability (b0d61f73-0e11-11db-a47b-000c2957fdf1)
The Trac 0.9.6 Release Notes reports: Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann. The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of...
CVE-2006-3458
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files...
PYSEC-2006-7
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files...
CVE-2006-3458
The CVE-2006-3458 issue concerns Zope 2.7.0–2.7.9 and 2.8.0–2.8.8 (Zope2) not disabling the raw command for untrusted users using reStructuredText from docutils, enabling local file disclosure. Connected advisories (Debian/Ubuntu/OpenVAS/GHSA) corroborate that Zope2’s handling of reStructuredText...
trac -- reStructuredText breach of privacy and denial of service vulnerability
The Trac 0.9.6 Release Notes reports: Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann. The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of...
FreeBSD : zope -- expose RestructuredText functionality to untrusted users (d2b80c7c-3aae-11da-9484-00123ffe8333)
A Zope Hotfix Alert reports: This hotfix resolves a security issue with docutils. Affected are possibly all Zope instances that expose RestructuredText functionalities to untrusted users through the web.
USN-229-1: Zope vulnerability
Zope did not deactivate the file inclusion feature when exposing RestructuredText functionalities to untrusted users. A remote user with the privilege of editing Zope webpages with RestructuredText could exploit this to expose arbitrary files that can be read with the privileges of the Zope serve...
[SECURITY] [DSA 910-1] New zope2.7 packages fix arbitrary file inclusion
Debian Security Advisory DSA 910-1 http://www.debian.org/security/ Martin Schulze November 24th, 2005 http://www.debian.org/security/faq ...
DSA-910-1 zope2.7 - design error
Bulletin has no description...
GLSA-200510-20 : Zope: File inclusion through RestructuredText
The remote host is affected by the vulnerability described in GLSA-200510-20 (Zope: File inclusion through RestructuredText). Zope honors file inclusion directives in RestructuredText objects by default. Impact: An attacker could exploit the vulnerability by sending malicious input that would be...
CVE-2005-3323
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality...
Zope: File inclusion through RestructuredText
Background: Zope is an application server that can be used to build content management systems, intranets, portals or other custom applications. Description: Zope honors file inclusion directives in RestructuredText objects by default. Impact: An attacker could exploit the vulnerability by sending...
[Full-disclosure] [ GLSA 200510-20 ] Zope: File inclusion through RestructuredText
Gentoo Linux Security Advisory GLSA 200510-20 http://security.gentoo.org/ Severity:...
zope -- expose RestructuredText functionality to untrusted users
A Zope Hotfix Alert reports: This hotfix resolves a security issue with docutils. Affected are possibly all Zope instances that expose RestructuredText functionalities to untrusted users through the web...