CVE-2006-4684
https://notcve.org/view.php?id=CVE-2006-4684
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. El módulo docutils en Zope (Zope2) desde 2.7.0 hasta 2.7.9 y desde 2.8.0 hasta 2.8.8 no maneja adecuadamente páginas web con el marcado reStructuredText (reST), lo cual permite a atacantes remotos leer ficheros de su elección vía una directiva csv_table, una vulnerabilidad diferente que CVE-2006-3458. • http://mail.zope.org/pipermail/zope-announce/2006-August/002005.html http://secunia.com/advisories/21947 http://secunia.com/advisories/21953 http://www.debian.org/security/2006/dsa-1176 http://www.securityfocus.com/bid/20022 http://www.vupen.com/english/advisories/2006/3653 http://www.zope.org/Products/Zope/Hotfix-2006-08-21/Hotfix-20060821/README.txt •
CVE-2006-3458
https://notcve.org/view.php?id=CVE-2006-3458
Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does not disable the "raw" command when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows local users to read arbitrary files. Zope 2.7.0 a 2.7.8, 2.8.0 a 2.8.7, y 2.9.0 a 2.9.3 (Zope2) no desabilita el comando "raw" cuando se mantiene a usuarios no válidos con la funcionalidad de texto reestructurado (reStructuredText) desde docutils, lo cual permite a usuarios locales leer archivos de su elección. • http://mail.zope.org/pipermail/zope-announce/2006-July/001984.html http://secunia.com/advisories/20988 http://secunia.com/advisories/21025 http://secunia.com/advisories/21130 http://secunia.com/advisories/21459 http://www.debian.org/security/2006/dsa-1113 http://www.novell.com/linux/security/advisories/2006_19_sr.html http://www.securityfocus.com/bid/18856 http://www.vupen.com/english/advisories/2006/2681 http://www.zope.org/Products/Zope/Hotfix-2006-07-05/Hotfix-200 •
CVE-2005-3323
https://notcve.org/view.php?id=CVE-2005-3323
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. • http://secunia.com/advisories/17173 http://secunia.com/advisories/17309 http://secunia.com/advisories/17676 http://www.debian.org/security/2005/dsa-910 http://www.gentoo.org/security/en/glsa/glsa-200510-20.xml http://www.novell.com/linux/security/advisories/2005_27_sr.html http://www.securityfocus.com/bid/15082 http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert https://usn.ubuntu.com/229-1 •
CVE-2002-0687
https://notcve.org/view.php?id=CVE-2002-0687
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. La capacidad through the web code de Zope desde la versión 2.0 a la 2.5.1 b1, permite a usuarios no fiables parar el servidor mediante ciertas cabeceras. • http://www.iss.net/security_center/static/9621.php http://www.osvdb.org/5166 http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/5813 http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert •
CVE-2002-0688
https://notcve.org/view.php?id=CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes. El plug-in de capacidad de soporte de índice ZCatalog para Zope 2.4.0 a 2.5.1 permite a usuarios anónimos y código no de confianza evadir ciertas restricciones y llamar a métodos arbitrarios de ínidices de catálogos. • http://www.debian.org/security/2004/dsa-490 http://www.iss.net/security_center/static/9610.php http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/5812 http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert •