5 matches found
Trac reStructuredText breach of privacy and denial of service vulnerability
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
FreeBSD Ports: zope
The remote host is missing an update to the system as announced in the referenced advisory. VID 5f2a0c40-1322-11db-bd23-000475abc56f OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...
Debian Security Advisory DSA 1113-1 (zope2.7)
The remote host is missing an update to zope2.7 announced via advisory DSA 1113-1. It was discovered that the Zope web application server allows read access to arbitrary pages on the server, if a user has the privilege to edit restructured text pages. OpenVAS Vulnerability Test $Id: deb11131.nasl...
PYSEC-2006-2
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting XSS attacks, or cause a denial of service via...
CVE-2006-3458
The CVE-2006-3458 issue concerns Zope 2.7.0–2.7.9 and 2.8.0–2.8.8 (Zope2) not disabling the raw command for untrusted users using reStructuredText from docutils, enabling local file disclosure. Connected advisories (Debian/Ubuntu/OpenVAS/GHSA) corroborate that Zope2’s handling of reStructuredText...