CVSS: 5.0EPSS: 0%CPEs: 11EXPL: 0CVE-2000-1212
https://notcve.org/view.php?id=CVE-2000-1212
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086 http://www.debian.org/security/2001/dsa-007 http://www.osvdb.org/6283 http://www.redhat.com/support/errata/RHSA-2000-135.html http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert https://exchange.xforce.ibmcloud.com/vulnerabilities/5778 •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2000-1211
https://notcve.org/view.php?id=CVE-2000-1211
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities. • http://www.iss.net/security_center/static/5824.php http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3 http://www.osvdb.org/6282 http://www.redhat.com/support/errata/RHSA-2000-125.html http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2000-0725
https://notcve.org/view.php?id=CVE-2000-0725
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request. • http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html http://www.debian.org/security/2000/20000821 http://www.redhat.com/support/errata/RHSA-2000-052.html http://www.securityfocus.com/bid/1577 http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2000-0483
https://notcve.org/view.php?id=CVE-2000-0483
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization. • ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html http://www.redhat.com/support/errata/RHSA-2000-038.html http://www.securityfocus.com/bid/1354 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768%40conectiva.com.br http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert https://exch •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2000-0062
https://notcve.org/view.php?id=CVE-2000-0062
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities. • http://www.securityfocus.com/bid/922 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650%40schvin.net •