Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2001-1227
Zope prior to 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Zope Zope 2.2.3
Zope Zope 2.2.4
Zope Zope 2.2.0
Zope Zope 2.2.1
Zope Zope 2.2.2
Zope Zope 2.2.5
7.5
CVSSv2
CVE-2001-1278
Zope prior to 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Zope Zope 2.2.4
Zope Zope 2.2.0
Zope Zope 2.2.1
Zope Zope 2.2.2
Zope Zope 2.2.3
7.2
CVSSv2
CVE-2000-0725
Zope prior to 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Zope Zope 2.1.1
Zope Zope 2.1.7
Zope Zope 2.2 Beta1
Zope Zope 1.10.3
4.3
CVSSv2
CVE-2010-3495
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) prior to 3.10.0 allows remote malicious users to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected retu...
Zope Zodb 2.10.9
Zope Zodb 2.11.4
Zope Zodb 3.8.0
Zope Zodb 3.5
Zope Zodb 3.6
Zope Zodb 3.4.1
Zope Zodb 3.4
Zope Zodb 2.9.11
Zope Zodb 3.9.0b5
Zope Zodb 3.9.0b3
Zope Zodb 3.7
Zope Zodb 3.1.1
Zope Zodb 3.1
Zope Zodb 3.8.6
Zope Zodb 3.9.0
Zope Zodb 3.8.2
Zope Zodb 3.8.1
Zope Zodb 3.8
Zope Zodb 3.3.3
Zope Zodb 3.3
Zope Zodb 2.8.11
Zope Zodb 3.9.0b4
6.5
CVSSv2
CVE-2009-0668
Unspecified vulnerability in Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to execute arbitrary Python code via vectors involving the ZEO network protocol.
Zope Zodb 3.8.0
Zope Zodb 3.7
Zope Zodb 3.2.4
Zope Zodb 3.1
Zope Zodb 3.6
Zope Zodb 3.5
Zope Zodb 3.1.1
Zope Zodb 2.9.11
Zope Zodb
Zope Zodb 3.3.3
Zope Zodb 3.2
Zope Zodb 2.10.9
Zope Zodb 3.4
Zope Zodb 3.4.1
Zope Zodb 3.3
Zope Zodb 2.8.11
Zope Zodb 2.11.4
7.5
CVSSv2
CVE-2011-2528
Unspecified vulnerability in (1) Zope 2.12.x prior to 2.12.19 and 2.13.x prior to 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows malicious users to gain privileges via unspecified vectors, related to a "highly serious vulner...
Plone Plone Hotfix 20110720
Plone Plone 3.1.4
Plone Plone 3.1.3
Plone Plone 3.1.2
Plone Plone 3.1.1
Plone Plone 3.1
Plone Plone 3.0.3
Plone Plone 3.0.4
Plone Plone 3.0.5
Plone Plone 3.0
Plone Plone 3.1.6
Plone Plone 3.0.6
Plone Plone 3.3.1
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 3.0.2
Plone Plone 3.3.6
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.2.1
Plone Plone 3.2
Plone Plone 3.1.5.1
6
CVSSv2
CVE-2009-2701
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 prior to 3.8.3 and 3.9.x prior to 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or d...
Zope Zodb 3.9.0
Zope Zodb 3.8.1
Zope Zodb 3.8.0
Zope Zodb 3.9.0b5
Zope Zodb 3.9.0b4
Zope Zodb 3.9.0b3
Zope Zodb 3.9.0b2
Zope Zodb 3.8
Zope Zodb 3.9.0c1
Zope Zodb 3.9.0b1
Zope Zodb 3.8.2
6.5
CVSSv2
CVE-2012-5489
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope prior to 2.12.21 and 3.13.x prior to 2.13.11, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.0.3
Plone Plone 3.0.2
Plone Plone 3.0.1
Plone Plone 3.0
Plone Plone 2.0.3
Plone Plone 2.0.2
Plone Plone 2.0.1
Plone Plone 2.0
Plone Plone
Plone Plone 4.1
Plone Plone 4.0.5
Plone Plone 3.3.4
Plone Plone 3.3.2
Plone Plone 3.2.1
10
CVSSv2
CVE-2000-0062
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote malicious users to conduct unauthorized activities.
Zope Zope 1.10.3
Zope Zope 2.1.1
4.6
CVSSv2
CVE-2001-0567
Digital Creations Zope 2.3.2 and previous versions allows a local malicious user to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
Zope Zope 7.1
Zope Zope 7.2
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »