41 matches found
Mandrake Linux Security Advisory : Zope (MDKSA-2000:035)
A problem exists in the Zope package with the getRoles method of user objects contained in the default UserFolder implementation. Users with the ability to edit DTML could arrange to give themselves extra roles for the duration of a single request by mutating the roles list as a part of the reque...
Zope 2.2.4 DTML privilege escalation vulnerability
No description provided by source...
Zope 2.2 DTML template and DTML method remote modification vulnerability
No description provided by source...
Debian Security Advisory DSA 043-1 (zope)
The remote host is missing an update to zope announced via advisory DSA 043-1. OpenVAS Vulnerability Test $Id: deb0431.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 043-1 Authors: Thomas Reinke Copyright: Copyright (c) 2007 E-Soft Inc...
CVE-2000-1212
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects...
CVE-2000-1212
CVE-2000-1212 concerns Zope 2.2.0–2.2.4, where a data updating method on Image and File objects is not properly protected. This flaw enables attackers with DTML editing privileges to modify the raw data of these objects. The vulnerability is rooted in insufficient access controls on a data update...
CVE-2001-1278
Zope vulnerable before 2.2.4: partially trusted users could bypass security checks by invoking methods via the fmt attribute of dtml-var tags. The Mandrake MDKSA-2001:080 hotfix addresses this DTML scripting issue, remedying the fmt access problem and preventing unauthorized method calls. The vul...
CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...
MDKSA-2001:080 - Zope update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrake Linux Security Update Advisory Package name: Zope Date: October 15th, 2001 Advisory ID: MDKSA-2001:080 Affected versions: 7.1, 7.2, Corporate Server 1.0.1 Problem Description: A new Zope hotfix is available that fixes a problem with DTML...
Moderate: Red Hat Security Advisory: New Zope packages are available
New Zope packages are available which fix a security flaw with DTML scripting. The updated packages include a "hotfix" product which addresses a security problem with DTML scripting, as described in the Hotfix2001-09-28 README.txt file: "The issue involves the fmt attribute of dtml-var tags...
[SECURITY] [DSA 043-1] New Zope packages available
---------------------------------------------------------------------------- Debian Security Advisory DSA-043-1 [email protected] http://www.debian.org/security/ Martin Schulze March 9, 2001 - ---------------------------------------------------------------------------- Packages : zope...
Zope DTML Role Issue
For those of you that haven't seen it, this is the advisory that came across the zope list regarding the DTML role issue. Begin Advisory Brian Lloyd [email protected] Fri, 8 Dec 2000 15:48:52 -0500 Hi all, Aleksander Salwa has brought a security issue to our attention that affects all Zope...
Zope Image and File Update Data Protection Bypass
According to its banner, the remote web server is Zope 2.2.5. Such versions suffer from a security issue involving incorrect protection of a data updating method on Image and File objects. Because the method is not correctly protected, it is possible for users with DTML editing privileges to upda...
CVE-2000-1212
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects...
CVE-2000-0725
CVE-2000-0725 affects Zope prior to 2.2.1. The vulnerability arises in the getRoles method, where access is insufficiently restricted, allowing a user who can edit DTML to modify the roles list included in a request and thereby add or modify roles. The issue is described across multiple connected...
FreeBSD-SA-00:38.zope
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-00:38 Security Advisory FreeBSD, Inc. Topic: zope port allows remote modification of DTML documents Category: ports Module: zope Announced: 2000-08-14 Credits: Unknown...
[SECURITY] new version of zope released
Package: zope Vulnerability type: remote unprivileged access Debian-specific: no On versions of Zope prior to 2.2beta1 it was possible for a user with the ability to edit DTML to gain unauthorized access to extra roles during a request. Debian 2.1 slink did not include zope, and is not vulnerabl...
Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification
The remote web server is Zope 2.1.7. There is a security problem in these versions that can allow the contents of DTMLDocuments or DTMLMethods to be changed without forcing proper user authentication. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10447; scriptversion...
CVE-2000-0062
CVE-2000-0062 pertains to the DTML implementation in Zope, where remote attackers could perform unauthorized activities. Connected advisories (GHSA-WCWP-R3FJ-MM3P; OSV) describe this as an Improper Authentication issue in Zope DTML, aligning with the historical vulnerability where DTML access cou...
CVE-2000-0062
The DTML implementation in the Z Object Publishing Environment Zope allows remote attackers to conduct unauthorized activities...