CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/GUID XSS...

CVE-2024-33865

An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/GUID endpoints...

CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/GUID XSS...

CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/GUID XSS...

CVE-2024-33866

Linqi prior to 1.4.0.1 on Windows contains a cross‑site scripting vulnerability in the /api/DocumentTemplate/{GUID} API endpoint. The issue affects versions before 1.4.0.1 and could allow execution of injected scripts when authenticated users interact with the endpoint. The recommended remediatio...

CVE-2024-33866

An issue was discovered in linqi before 1.4.0.1 on Windows. There is /api/DocumentTemplate/GUID XSS...

CVE-2024-33865

CVE-2024-33865 affects linqi prior to 1.4.0.1 on Windows, where an NTLM hash leak can occur via the endpoints /api/Cdn/GetFile and /api/DocumentTemplate/{GUID]. Multiple connected sources corroborate the issue and specify that upgrading to version 1.4.0.1 or later resolves the vulnerability. A pr...

PT-2024-25520 · Linqi · Linqi

Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered that leads to an NTLM hash leak. This occurs via the "api/Cdn/GetFile" and "api/DocumentTemplate/GUID" endpoints. Recommendations: For versions prior to 1.4.0.1, update to...

GHSA-J5CC-3H6R-JQH4 Zope DocumentTemplate package allows unauthenticated write

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization...

Zope DocumentTemplate package allows unauthenticated write

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization...

Zope < 2.1.7 DocumentTemplate Unauthorized Modification

Binary data 1444.prm...

Дырка в zope :&#41;

Класс DocumentTemplate содержит методы, которые позволяют изменить характеристики класса удаленно через DTML без авторизации. Кроме того проблеммы с классом ZClasses. Часть небезопасных методов могут быть вызваны ограниченным пользователем...

CVE-2000-0483

The CVE-2000-0483 entry concerns the Zope DocumentTemplate package in Zope 2.2 and earlier. The issue allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization (unauthenticated write), representing a potential for content tampering. The root cause is a lack of proper a...

Conectiva Linux Security Announcement - ZOPE

---------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT ---------------------------------------------------------------------- PACKAGE: zope SUMMARY : Security problems in DocumentTemplate DATE : 2000-06-16 AFFECTED CONECTIVA VERSIONS : 4.2, 5....