77 matches found
CVE-2006-4684
CVE-2006-4684 details (Zope/Zope2, docutils integration): Affects Zope 2.7.0–2.7.9 and 2.8.0–2.8.8. The vulnerability stems from improper handling of reStructuredText (reST) in web pages, allowing a remote attacker to read arbitrary files via a csv_table directive. CVSSv2 base metrics reported: A...
zope -- restructuredText "csv_table" Information Disclosure
Secunia reports: A vulnerability has been reported in Zope, which can be exploited by malicious people to disclose potentially sensitive information. The vulnerability is caused due to an error in the use of the docutils module to parse and render "restructured" text. This can be exploited to...
[SECURITY] [DSA 1152-1] New trac packages fix information disclosure
Debian Security Advisory DSA 1152-1 http://www.debian.org/security/ Martin Schulze August 18th, 2006 http://www.debian.org/security/faq -...
DSA-1152 trac - missing input sanitising
Bulletin has no description...
PYSEC-2006-2
Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via...
CVE-2006-3695
Trac up to 0.9.5/0.9.6 era vulnerability: enabling reStructuredText functionality via docutils allows remote access to read arbitrary files, possible XSS, and denial of service due to not disabling the raw/include commands for untrusted users. No patch/version details are provided in the supplied...
[SA20988] Zope reStructuredText "raw" Directive Information Disclosure
FreeBSD : trac -- reStructuredText breach of privacy and denial of service vulnerability (b0d61f73-0e11-11db-a47b-000c2957fdf1)
The Trac 0.9.6 Release Notes reports: Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann. The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of...
CVE-2006-3458
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files...
CVE-2006-3458
The CVE-2006-3458 issue concerns Zope 2.7.0–2.7.9 and 2.8.0–2.8.8 (Zope2) not disabling the raw command for untrusted users using reStructuredText from docutils, enabling local file disclosure. Connected advisories (Debian/Ubuntu/OpenVAS/GHSA) corroborate that Zope2’s handling of reStructuredText...
trac -- reStructuredText breach of privacy and denial of service vulnerability
The Trac 0.9.6 Release Notes reports: Fixed reStructuredText breach of privacy and denial of service vulnerability found by Felix Wiemann. The discovered vulnerability requires docutils to be installed and enabled. Systems that do not have docutils installed or enabled are not vulnerable. As of...
zope -- information disclosure vulnerability
Zope team reports: Unspecified vulnerability in Zope2 allows local users to obtain sensitive information via unknown attack vectors related to the docutils module and "restructured text"...
FreeBSD : zope -- expose RestructuredText functionality to untrusted users (d2b80c7c-3aae-11da-9484-00123ffe8333)
A Zope Hotfix Alert reports: This hotfix resolves a security issue with docutils. Affected are possibly all Zope instances that expose RestructuredText functionalities to untrusted users through the web...
CVE-2005-3323
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality...
CVE-2005-3323
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality...
CVE-2005-3323
CVE-2005-3323 affects docutils in Zope: Zope 2.6, Zope 2.7 before 2.7.8, and Zope 2.8 before 2.8.2 are vulnerable. The flaw allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. Root cause: insecure handling of include directives in docutils ...
[SA17173] Zope Unspecified docutils Security Issue
TITLE: Zope Unspecified docutils Security Issue SECUNIA ADVISORY ID: SA17173 VERIFY ADVISORY: http://secunia.com/advisories/17173/ CRITICAL: Moderately critical IMPACT: Unknown WHERE: From remote SOFTWARE: Zope 2.x http://secunia.com/product/397/ DESCRIPTION: A security issue with an unknown impa...