3 matches found
CVE-2001-0128
Zope before 2.2.4 contains a bug in how local roles are computed, enabling bypass of access restrictions and privilege escalation. The issue is documented across multiple sources (NVD/CVE entry and Mandrake MDKSA-2000:086) and affects Zope 2.2.4 and earlier. Remediation is to apply the update to ...
CVE-2001-0869
CVE-2001-0869 is a format-string vulnerability in the Cyrus SASL library (cyrus-sasl) affecting the default logging callback _sasl_syslog in common.c. The Mandrake MDKSA-2002:018 advisory notes a format bug in cyrus-sasl that could allow a remote attacker to obtain access or elevate privileges, w...
CVE-2000-0483
The CVE-2000-0483 entry concerns the Zope DocumentTemplate package in Zope 2.2 and earlier. The issue allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization (unauthenticated write), representing a potential for content tampering. The root cause is a lack of proper a...