CVE-2007-0240
https://notcve.org/view.php?id=CVE-2007-0240
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Zope 2.10.2 y versiones anteriores permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores sin especificar en una petición HTTP GET. • http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html http://secunia.com/advisories/24017 http://secunia.com/advisories/24713 http://secunia.com/advisories/25239 http://www.debian.org/security/2007/dsa-1275 http://www.securityfocus.com/bid/23084 http://www.vupen.com/english/advisories/2007/1041 http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view https://exchange.xforce.ibmcloud.com/vulnerabilities/33187 •
CVE-2002-0687
https://notcve.org/view.php?id=CVE-2002-0687
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. La capacidad through the web code de Zope desde la versión 2.0 a la 2.5.1 b1, permite a usuarios no fiables parar el servidor mediante ciertas cabeceras. • http://www.iss.net/security_center/static/9621.php http://www.osvdb.org/5166 http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/5813 http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert •
CVE-2002-0688
https://notcve.org/view.php?id=CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. El plug-in de capacidad de soporte de índice ZCatalog para Zope 2.4.0 a 2.5.1 permite a usuarios anónimos y código no de confianza evadir ciertas restricciones y llamar a métodos arbitrarios de ínidices de catálogos. • http://www.debian.org/security/2004/dsa-490 http://www.iss.net/security_center/static/9610.php http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/5812 http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert •
CVE-2002-0170
https://notcve.org/view.php?id=CVE-2002-0170
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. Zope 2.2.0 a 2.5.1 no verifica adecuamente el acceso a objetos con perfiles del proxy, lo que podría permitir a algunos usuarios acceder a documentos violando la configuración pretendida. • http://marc.info/?l=bugtraq&m=101503023511996&w=2 http://www.iss.net/security_center/static/8334.php http://www.osvdb.org/5350 http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/4229 http://www.zope.org/Products/Zope/hotfixes •
CVE-2001-1227
https://notcve.org/view.php?id=CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. • http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 http://www.redhat.com/support/errata/RHSA-2001-072.html http://www.redhat.com/support/errata/RHSA-2001-115.html http://www.securityfocus.com/bid/3425 https://exchange.xforce.ibmcloud.com/vulnerabilities/7271 https://access.redhat.com/security/cve/CVE-2001-1227 https://bugzilla.redhat.com/show_bug.cgi?id=1616651 •