Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2001-1227
Zope prior to 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Zope Zope 2.2.3
Zope Zope 2.2.4
Zope Zope 2.2.0
Zope Zope 2.2.1
Zope Zope 2.2.2
Zope Zope 2.2.5
668
VMScore
CVE-2001-1278
Zope prior to 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Zope Zope 2.2.4
Zope Zope 2.2.0
Zope Zope 2.2.1
Zope Zope 2.2.2
Zope Zope 2.2.3
641
VMScore
CVE-2000-0725
Zope prior to 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Zope Zope 2.1.1
Zope Zope 2.1.7
Zope Zope 2.2 Beta1
Zope Zope 1.10.3
383
VMScore
CVE-2010-3495
Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) prior to 3.10.0 allows remote malicious users to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the accept function having an unexpected retu...
Zope Zodb 2.10.9
Zope Zodb 2.11.4
Zope Zodb 3.8.0
Zope Zodb 3.5
Zope Zodb 3.6
Zope Zodb 3.4.1
Zope Zodb 3.4
Zope Zodb 2.9.11
Zope Zodb 3.9.0b5
Zope Zodb 3.9.0b3
Zope Zodb 3.7
Zope Zodb 3.1.1
Zope Zodb 3.1
Zope Zodb 3.8.6
Zope Zodb 3.9.0
Zope Zodb 3.8.2
Zope Zodb 3.8.1
Zope Zodb 3.8
Zope Zodb 3.3.3
Zope Zodb 3.3
Zope Zodb 2.8.11
Zope Zodb 3.9.0b4
578
VMScore
CVE-2009-0668
Unspecified vulnerability in Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to execute arbitrary Python code via vectors involving the ZEO network protocol.
Zope Zodb 3.8.0
Zope Zodb 3.7
Zope Zodb 3.2.4
Zope Zodb 3.1
Zope Zodb 3.6
Zope Zodb 3.5
Zope Zodb 3.1.1
Zope Zodb 2.9.11
Zope Zodb
Zope Zodb 3.3.3
Zope Zodb 3.2
Zope Zodb 2.10.9
Zope Zodb 3.4
Zope Zodb 3.4.1
Zope Zodb 3.3
Zope Zodb 2.8.11
Zope Zodb 2.11.4
668
VMScore
CVE-2011-2528
Unspecified vulnerability in (1) Zope 2.12.x prior to 2.12.19 and 2.13.x prior to 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows malicious users to gain privileges via unspecified vectors, related to a "highly serious vulner...
Plone Plone Hotfix 20110720
Plone Plone 3.1.4
Plone Plone 3.1.3
Plone Plone 3.1.2
Plone Plone 3.1.1
Plone Plone 3.1
Plone Plone 3.0.3
Plone Plone 3.0.4
Plone Plone 3.0.5
Plone Plone 3.0
Plone Plone 3.1.6
Plone Plone 3.0.6
Plone Plone 3.3.1
Plone Plone 3.3.5
Plone Plone 3.3.4
Plone Plone 3.0.2
Plone Plone 3.3.6
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.2.1
Plone Plone 3.2
Plone Plone 3.1.5.1
534
VMScore
CVE-2009-2701
Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 prior to 3.8.3 and 3.9.x prior to 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or d...
Zope Zodb 3.9.0
Zope Zodb 3.8.1
Zope Zodb 3.8.0
Zope Zodb 3.9.0b5
Zope Zodb 3.9.0b4
Zope Zodb 3.9.0b3
Zope Zodb 3.9.0b2
Zope Zodb 3.8
Zope Zodb 3.9.0c1
Zope Zodb 3.9.0b1
Zope Zodb 3.8.2
578
VMScore
CVE-2012-5489
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope prior to 2.12.21 and 3.13.x prior to 2.13.11, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.0.3
Plone Plone 3.0.2
Plone Plone 3.0.1
Plone Plone 3.0
Plone Plone 2.0.3
Plone Plone 2.0.2
Plone Plone 2.0.1
Plone Plone 2.0
Plone Plone
Plone Plone 4.1
Plone Plone 4.0.5
Plone Plone 3.3.4
Plone Plone 3.3.2
Plone Plone 3.2.1
668
VMScore
CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 up to and including 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Zope Zope 2.5.1
Zope Zope 2.4.0
890
VMScore
CVE-2000-0062
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote malicious users to conduct unauthorized activities.
Zope Zope 1.10.3
Zope Zope 2.1.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654
CVE-2024-2757
authentication bypass
CVE-2024-3194
CVE-2024-33640
CVE-2024-21111
dos
insecure direct object reference
CVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »