14 matches found
EUVD-2014-0067
Malware in sbrugna...
EUVD-2001-0560
Malware in sbrugna...
EUVD-2014-0069
Malware in sbrugna...
EUVD-2001-1259
Malware in sbrugna...
CVE-2023-44389
Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface ZMI. All versions of Zope 4 and Zope 5 are affected. Patches will be released wit...
GHSA-5R4X-QC7Q-VJ27 Zope Cross-site scripting (XSS) vulnerability in ZMI pages
Cross-site scripting XSS vulnerability in ZMI pages that use the managetabsmessage in Zope 2.11.4, 2.11.2, 2.10.9, 2.10.7, 2.10.6, 2.10.5, 2.10.4, 2.10.2, 2.10.1, 2.12...
GHSA-JCJP-QQPQ-PC54 Zope allows local users to read arbitrary files
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 Zope2 does not disable the "raw" command when providing untrusted users with restructured text reStructuredText functionality from docutils, which allows local users to read arbitrary files...
CVE-2002-0687
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers...
CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...
CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...
CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags...
CVE-2000-1212
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects...
CVE-2000-0725
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request...
Zope < 2.1.7 DocumentTemplate Unauthorized DTML Entity Modification
The remote web server is Zope 2.1.7. There is a security problem in these versions that can allow the contents of DTMLDocuments or DTMLMethods to be changed without forcing proper user authentication. C Tenable Network Security, Inc. include"compat.inc"; ifdescription scriptid10447; scriptversion...