Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2022/05/01 7:11 a.m.27 views

Trac reStructuredText breach of privacy and denial of service vulnerability

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

6.8CVSS6.5AI score0.01864EPSS
Exploits0References11Affected Software1
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.22 views

FreeBSD Ports: zope

The remote host is missing an update to the system as announced in the referenced advisory. VID 5f2a0c40-1322-11db-bd23-000475abc56f OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

2.1CVSS6.3AI score0.00422EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.19 views

Debian Security Advisory DSA 1113-1 (zope2.7)

The remote host is missing an update to zope2.7 announced via advisory DSA 1113-1. It was discovered that the Zope web application server allows read access to arbitrary pages on the server, if a user has the privilege to edit restructured text pages. OpenVAS Vulnerability Test $Id: deb11131.nasl...

2.1CVSS0.00422EPSS
Exploits0
OSV
OSV
added 2006/07/21 2:3 p.m.21 views

PYSEC-2006-2

Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...

6.8CVSS5.2AI score0.01864EPSS
Exploits0References10
CVE
CVE
added 2006/07/07 11:0 p.m.67 views

CVE-2006-3458

The CVE-2006-3458 issue concerns Zope 2.7.0–2.7.9 and 2.8.0–2.8.8 (Zope2) not disabling the raw command for untrusted users using reStructuredText from docutils, enabling local file disclosure. Connected advisories (Debian/Ubuntu/OpenVAS/GHSA) corroborate that Zope2’s handling of reStructuredText...

2.1CVSS6.1AI score0.00422EPSS
Exploits0References12Affected Software1
Rows per page
Query Builder