41 matches found
EUVD-2001-1259
Malware in sbrugna...
EUVD-2022-1669
Malicious code in bioql PyPI...
EUVD-2022-1854
Malicious code in bioql PyPI...
EUVD-2022-1752
Malicious code in bioql PyPI...
PYSEC-2023-118
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
GHSA-HHMF-7RGG-GCW5 Plone SQL Injection Vulnerability
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
GHSA-H2XH-JVPF-XQ42 Zope does not properly perform security registration for legacy names
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...
GHSA-9CMQ-PJ6P-HGWF Zope does not properly restrict access to the getRoles method
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...
GHSA-WCWP-R3FJ-MM3P Zope DTML implementation Improper Authentication
The DTML implementation in the Z Object Publishing Environment Zope allows remote attackers to conduct unauthorized activities...
CVE-2020-7939
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
PYSEC-2020-88
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:086)
A potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:043)
The exploit that was not fixed with the previous Zope hotfix involves the getRoles method of user objects contained in the default UserFolder implementation returning a mutable Python type. Because the mutable object is still associated with the persistent User object, users with the ability to...
Mandrake Linux Security Advisory : Zope (MDKSA-2001:080)
A new Zope hotfix is available that fixes a problem with DTML scripting as described in the README.txt of Hotfix2001-09-28 : 'The issue involves the fmt attribute of dtml-var tags. Without this correction, Zope does not check security access to methods invoked through fmt. This issue could allow...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)
A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the reque...
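The getRoles advisories above (MDKSA-2000:035, MDKSA-2000:043 and GHSA-9CMQ-PJ6P-HGWF) all describe the same defect class: a method hands back the object's own mutable list, so a caller who is only allowed to read roles can append to that list and hold the extra role for the rest of the request. The following is an added Python illustration of that pattern and its fix; it is not Zope's code. `VulnerableUser`, `FixedUser`, `untrusted_dtml_code` and `authorize` are constructed stand-ins for a UserFolder user object, the DTML author's code and the access check.

```python
"""Illustration (not Zope's code) of the mutable-return flaw behind the
getRoles hotfixes: returning internal state instead of a copy lets a
low-privilege caller rewrite the object's roles in place."""


class VulnerableUser:
    """Constructed stand-in for a UserFolder user object (hypothetical)."""

    def __init__(self, name, roles):
        self.name = name
        self._roles = list(roles)  # the object's own persistent state

    def getRoles(self):
        # Bug: returns the internal list itself, so any caller that may
        # *call* getRoles can also mutate the stored roles.
        return self._roles


class FixedUser(VulnerableUser):
    """Same object, but getRoles returns an immutable snapshot."""

    def getRoles(self):
        # tuple(...) is a copy and has no append/extend/insert, so the
        # caller cannot reach self._roles through the return value.
        return tuple(self._roles)


def untrusted_dtml_code(user):
    """Stand-in for what a DTML author with read-only access to getRoles
    could do within one request: mutate the returned roles."""
    roles = user.getRoles()
    try:
        roles.append("Manager")
    except AttributeError:
        pass  # immutable return value: the mutation is blocked
    return roles


def authorize(user, required_role):
    """Stand-in for a security check that consults the user's roles."""
    return required_role in user.getRoles()


def demo(user_cls):
    """Run the attack against one request's user object and report whether
    the Manager check passed before and after the untrusted code ran."""
    user = user_cls("alice", ["Authenticated"])
    before = authorize(user, "Manager")
    untrusted_dtml_code(user)
    after = authorize(user, "Manager")
    return before, after


if __name__ == "__main__":
    print("vulnerable:", demo(VulnerableUser))  # (False, True)
    print("fixed:     ", demo(FixedUser))       # (False, False)
```

Returning `list(self._roles)` would also stop the escalation, since the caller would mutate a throwaway copy; a tuple is preferred here because it fails loudly on any attempt to mutate, which is easier to spot in testing than a silent no-op.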