41 matches found
EUVD-2001-1259
Malware in sbrugna...
EUVD-2022-1752
Malicious code in bioql PyPI...
EUVD-2022-1669
Malicious code in bioql PyPI...
EUVD-2022-1854
Malicious code in bioql PyPI...
PYSEC-2023-118
RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generat...
GHSA-HHMF-7RGG-GCW5 Plone SQL Injection Vulnerability
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
Plone SQL Injection Vulnerability
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
Zope does not properly perform security registration for legacy names
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...
GHSA-H2XH-JVPF-XQ42 Zope does not properly perform security registration for legacy names
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities...
GHSA-9CMQ-PJ6P-HGWF Zope does not properly restrict access to the getRoles method
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...
Zope DTML implementation Improper Authentication
The DTML implementation in the Z Object Publishing Environment Zope allows remote attackers to conduct unauthorized activities...
GHSA-WCWP-R3FJ-MM3P Zope DTML implementation Improper Authentication
The DTML implementation in the Z Object Publishing Environment Zope allows remote attackers to conduct unauthorized activities...
CVE-2020-7939
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
PYSEC-2020-88
SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform unwanted SQL queries. This is a problem in Zope...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:043)
The exploit that was not fixed with the previous Zope hotfix involves the getRoles method of user objects contained in the default UserFolder implementation returning a mutable Python type. Because the mutable object is still associated with the persistent User object, users with the ability to...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:086)
A potential security issue exists in versions of Zope up to and including 2.2.4. This issue involves incorrect protection of a data updating method on Image and File objects. Because the method was not correctly protected, it was possible for users with DTML editing privileges to update the raw...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)
A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the reque...
Mandrake Linux Security Advisory : Zope (MDKSA-2000:083)
There is an issue involving security registration of 'legacy' names for certain object constructors such as the constructors for DTML Method Objects. Security was not being applied correctly for the legacy names, making it possible to call those constructors without the permissions that should ha...