CVE-2002-0170
https://notcve.org/view.php?id=CVE-2002-0170
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. Zope 2.2.0 a 2.5.1 no verifica adecuamente el acceso a objetos con perfiles del proxy, lo que podría permitir a algunos usuarios acceder a documentos violando la configuración pretendida. • http://marc.info/?l=bugtraq&m=101503023511996&w=2 http://www.iss.net/security_center/static/8334.php http://www.osvdb.org/5350 http://www.redhat.com/support/errata/RHSA-2002-060.html http://www.securityfocus.com/bid/4229 http://www.zope.org/Products/Zope/hotfixes •
CVE-2001-1227
https://notcve.org/view.php?id=CVE-2001-1227
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. • http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 http://www.redhat.com/support/errata/RHSA-2001-072.html http://www.redhat.com/support/errata/RHSA-2001-115.html http://www.securityfocus.com/bid/3425 https://exchange.xforce.ibmcloud.com/vulnerabilities/7271 https://access.redhat.com/security/cve/CVE-2001-1227 https://bugzilla.redhat.com/show_bug.cgi?id=1616651 •
CVE-2001-1278
https://notcve.org/view.php?id=CVE-2001-1278
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. • http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3 http://www.redhat.com/support/errata/RHSA-2001-115.html http://www.securityfocus.com/bid/3425 •
CVE-2001-0567
https://notcve.org/view.php?id=CVE-2001-0567
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407 http://www.debian.org/security/2001/dsa-055 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3 http://www.redhat.com/support/errata/RHSA-2001-065.html http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert https://exchange.xforce.ibmcloud.com/vulnerabilities/6958 •
CVE-2001-0568
https://notcve.org/view.php?id=CVE-2001-0568
Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382 http://www.debian.org/security/2001/dsa-043 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-025.php3 http://www.redhat.com/support/errata/RHSA-2001-021.html http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23 •