7 matches found
EUVD-2021-0471
Malware in sbrugna...
EUVD-2022-1845
Malicious code in bioql PyPI...
Plone Security Vulnerability
Plone is an open source content management system (CMS) built on the Zope application server. A security vulnerability exists in Plone version 5.2.13 that stems from allowing remote code execution...
PYSEC-2010-32
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions...
Debian Security Advisory DSA 1176-1 (zope2.7)
The remote host is missing an update to zope2.7 announced via advisory DSA 1176-1. It was discovered that the Zope web application server does not disable the csv_table directive in web pages containing ReST markup, allowing the exposure of files readable by the Zope server. OpenVAS Vulnerability...
Zope Invalid Query Path Disclosure
The remote Zope web server may be forced into disclosing its physical path when calling 'Examples/ShoppingCart/addItems' with a blank quantity. Note that this install is also likely to be affected by several other vulnerabilities, although Nessus has not checked for them. (C) Tenable Network...
Zope ZClass Modification Local DoS
The remote web server is Zope 2.2.5. Such versions allow any Zope user to create a denial of service by modifying Zope data structures, thus rendering the site unusable. Since Nessus solely relied on the version number of the server, consider this a false positive if the hotfix has already been...