CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Zope » Zope : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-3587 Exec Code 2011-10-10 2011-10-20
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
2 CVE-2011-2528 +Priv 2011-07-19 2011-07-25
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
3 CVE-2010-3198 DoS 2010-09-08 2010-09-10
4.3
None Remote Medium Not required None None Partial
ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.
4 CVE-2010-1104 79 XSS 2010-03-25 2010-03-25
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.
5 CVE-2008-5102 399 DoS 2008-11-17 2009-09-01
4.0
None Remote Low Single system None None Partial
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
6 CVE-2007-0240 XSS 2007-03-22 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
7 CVE-2006-4684 2006-09-19 2008-09-05
5.0
None Remote Low Not required Partial None None
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.
8 CVE-2006-3458 2006-07-07 2011-03-10
2.1
None Local Low Not required Partial None None
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files.
9 CVE-2005-3323 2005-10-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
10 CVE-2002-0688 Bypass 2002-07-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
11 CVE-2002-0687 2002-07-23 2008-09-05
5.0
None Remote Low Not required None None Partial
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
12 CVE-2002-0170 2002-04-22 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
13 CVE-2001-1278 Bypass 2001-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
14 CVE-2001-1227 Bypass 2001-10-10 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
15 CVE-2001-0569 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet.
16 CVE-2001-0568 2001-08-22 2008-09-05
2.1
None Local Low Not required None Partial None
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes.
17 CVE-2001-0567 +Priv 2001-08-14 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
18 CVE-2001-0128 +Priv Bypass 2001-03-12 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
19 CVE-2000-1212 2000-12-18 2008-09-10
5.0
None Remote Low Not required None Partial None
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
20 CVE-2000-1211 2000-12-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
21 CVE-2000-0725 2000-10-20 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
22 CVE-2000-0483 2000-06-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
23 CVE-2000-0062 2000-01-04 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
Total number of vulnerabilities : 23   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.