20 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-0324

Malware in sbrugna...

CVSS 4.3 · AI score 6.1 · EPSS 0.00522
Exploits 0 · References 12

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2017-0142

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00635
Exploits 0 · References 12

SUSE CVE
added 2023/02/15 6:14 a.m. · 2 views

SUSE CVE-2006-3458

Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files...

CVSS 2.1 · AI score 6.7 · EPSS 0.00072
Exploits 0 · References 4

PyPA
added 2021/08/02 10:15 p.m. · 4 views

PYSEC-2021-370

Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and have the optional...

CVSS 7.5 · AI score 8.1 · EPSS 0.03934
Exploits 0 · References 3 · Affected Software 1

PyPA
added 2021/05/21 2:15 p.m. · 4 views

PYSEC-2021-88

Zope is an open-source web application server. In Zope versions prior to 4.6 and 5.2, users can access untrusted modules indirectly through Python modules that are available for direct use. By default, only users with the Manager role can add or edit Zope Page Templates through the web, but sites...

CVSS 8.8 · AI score 6.6 · EPSS 0.00943
Exploits 1 · References 5 · Affected Software 1

VulnCheck KEV
added 2020/10/14 12:0 a.m. · 1 view

VulnCheck KEV: CVE-2011-3587

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p class in OFS/misc.py and the use of Python modules...

CVSS 9.3 · AI score 6.1 · EPSS 0.90462
Exploits 15 · References 1

PyPA
added 2017/08/07 5:29 p.m. · 4 views

PYSEC-2017-148

Cross-site scripting (XSS) vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

CVSS 6.1 · AI score 6.2 · EPSS 0.00635
Exploits 0 · References 9 · Affected Software 1

OSV
added 2017/08/07 5:29 p.m. · 1 view

PYSEC-2017-148

Cross-site scripting (XSS) vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...

CVSS 6.1 · AI score 6.7 · EPSS 0.00635
Exploits 0 · References 6

Positive Technologies
added 2014/09/16 12:0 a.m. · 2 views

PT-2014-2313 · Plone +2

Name of the Vulnerable Software and Affected Versions: Zope versions prior to 2.13.19; Plone versions prior to 4.3 beta 1. Description: The issue allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character in the ZPublisher.HTTPRequest. scrubHeader function. Recommendations...

CVSS 8.7 · AI score 6.2 · EPSS 0.01001
Exploits 0 · References 24

Exploit DB
added 2011/12/21 12:0 a.m. · 74 views

Plone and Zope - Remote Command Execution

Exploit Title: Plone - Remote Command Execution Date: 12/21/2011 Author: Nick Miles www.npenetrable.com Tested on: 12/21/2011 CVE : CVE-2011-3587 Versions Affected without hotfix: Plone 4.0 through 4.0.9; Plone 4.1; Plone 4.2 a1 and a2; Zope 2.12.x and Zope 2.13.x. Versions Not Affected: Versions...

CVSS 9.3 · AI score 6.4 · EPSS 0.90462
Exploits 15

OSV
added 2011/07/19 8:55 p.m. · 2 views

PYSEC-2011-32

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

CVSS 7.5 · AI score 5.8 · EPSS 0.00593
Exploits 0 · References 8

PyPA
added 2011/07/19 8:55 p.m. · 6 views

PYSEC-2011-25

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

CVSS 7.5 · AI score 7.3 · EPSS 0.01407
Exploits 0 · References 10 · Affected Software 1

OpenVAS
added 2008/11/21 12:0 a.m. · 19 views

Zope Python Scripts Local Denial of Service Vulnerability

This host is running Zope, and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: gbzopepythonscriptsdosvulnlin.nasl 5785 2017-03-30 09:19:35Z cfi $ Zope Python Scripts Local Denial of Service Vulnerability Authors: Chandan S Copyright: Copyright c 2008 Greenbone Network...

CVSS 4 · AI score 6.6 · EPSS 0.12096
Exploits 0 · References 2

Tenable Nessus
added 2007/04/10 12:0 a.m. · 27 views

FreeBSD : zope -- XSS vulnerability (34414a1e-e377-11db-b8ab-000c76189c4c)

The Zope Team reports : A vulnerability has been discovered in Zope, where by certain types of misuse of HTTP GET, an attacker could gain elevated privileges. All Zope versions up to and including 2.10.2 are affected. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...

CVSS 4.3 · AI score 5.2 · EPSS 0.00804
Exploits 0 · References 5

Tenable Nessus
added 2004/08/20 12:0 a.m. · 13 views

Zope < 2.1.7 DocumentTemplate Unauthorized Modification

Binary data 1444.prm...

CVSS 7.5 · AI score 7.3 · EPSS 0.01473
Exploits 0 · References 3

Tenable Nessus
added 2004/08/20 12:0 a.m. · 9 views

Zope < 2.3.3 ZClass Permission Mapping Modification Local Privilege Escalation

Binary data 1446.prm...

CVSS 4.6 · AI score 7.3 · EPSS 0.00077
Exploits 0 · References 2

Cvelist
added 2003/04/02 5:0 a.m. · 18 views

CVE-2002-0688

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

AI score 6.7 · EPSS 0.00602
Exploits 0 · References 5

NVD
added 2002/07/23 4:0 a.m. · 12 views

CVE-2002-0688

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes...

CVSS 7.5 · AI score 6.8 · EPSS 0.00602
Exploits 0 · References 5

NVD
added 2002/04/22 4:0 a.m. · 14 views

CVE-2002-0170

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration...

CVSS 7.5 · AI score 6.5 · EPSS 0.00743
Exploits 0 · References 6

NVD
added 2000/12/16 5:0 a.m. · 17 views

CVE-2000-1211

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...

CVSS 7.5 · AI score 6.5 · EPSS 0.00602
Exploits 0 · References 5