3 matches found
.NET Partial-Trust bypass via browser command-line injection in System.Windows.Forms.Help
A command-line injection vulnerability exists in the core .NET class System.Windows.Forms.Help::ShowHelp function allowing an attacker without “UnmanagedCode” permission to nevertheless directly control arguments passed to a “ShellExecute” invocation of the users’ default browser. This...
security flaw
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...
CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...