CVEdetails.com the ultimate security vulnerability data source

Log In Register Reset Password Activate Account

Vulnerability Feeds & Widgets^New www.itsecdb.com

Home Browse :
Vendors Products By Date By Type Reports :
CVSS Score Report CVSS Score Distribution Search :
Vendor Search Product Search Version Search Vulnerability Search By Microsoft References Top 50 :
Vendors Vendor Cvss Scores Products Product Cvss Scores Versions Other :
Microsoft Bulletins Bugtraq Entries CWE Definitions About & Contact Feedback CVE Help FAQ External Links :
NVD Website CWE Web Site

Zope » Zope » 2.2.4 : Security Vulnerabilities

Cpe Name:cpe:/a:zope:zope:2.2.4

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	# of Exploits	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2008-5102	399		DoS	2008-11-17	2009-09-01	4.0	None	Remote	Low	Single system	None	None	Partial
PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
2	CVE-2002-0170				2002-04-22	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
3	CVE-2001-1278			Bypass	2001-10-10	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
4	CVE-2001-1227			Bypass	2001-10-10	2008-09-10	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
5	CVE-2001-0128			+Priv Bypass	2001-03-12	2008-09-10	7.2	Admin	Local	Low	Not required	Complete	Complete	Complete
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
6	CVE-2000-1212				2000-12-18	2008-09-10	5.0	None	Remote	Low	Not required	None	Partial	None
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
7	CVE-2000-1211				2000-12-16	2008-09-05	7.5	User	Remote	Low	Not required	Partial	Partial	Partial
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Total number of vulnerabilities : 7 Page : 1 (This Page)

CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.