Vulmon
zope zope vulnerabilities and exploits
7.5
CVSSv2
CVE-2001-1278
Zope prior to 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
Zope Zope 2.2.1
Zope Zope 2.2.0
Zope Zope 2.2.4
Zope Zope 2.2.2
Zope Zope 2.2.3
7.5
CVSSv2
CVE-2000-1211
Zope 2.2.0 up to and including 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow malicious users to perform unauthorized activities.
Zope Zope 2.2.0b2
Zope Zope 2.2.1
Zope Zope 2.2.0b4
Zope Zope 2.2.0
Zope Zope 2.2.1b1
Zope Zope 2.2.4
Zope Zope 2.2.2
Zope Zope 2.2.0b1
Zope Zope 2.2.0b3
Zope Zope 2.2.0a1
Zope Zope 2.2.3
7.5
CVSSv2
CVE-2000-0483
The DocumentTemplate package in Zope 2.2 and previous versions allows a remote malicious user to modify DTMLDocuments or DTMLMethods without authorization.
Zope Zope 1.10.3
Redhat Linux Powertools 6.1
Zope Zope 2.1.1
Zope Zope 2.1.7
Redhat Linux Powertools 6.2
7.2
CVSSv2
CVE-2001-0128
Zope prior to 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
Zope Zope
Conectiva Linux 4.2
Conectiva Linux 6.0
Conectiva Linux 5.1
Redhat Linux Powertools 6.1
Redhat Linux Powertools 7.0
Conectiva Linux 5.0
Redhat Linux Powertools 6.2
Mandrakesoft Mandrake Linux 7.2
Debian Debian Linux 2.2
Redhat Linux 7.0
Redhat Linux 6.1
Redhat Linux 6.2
Mandrakesoft Mandrake Linux 7.1
Freebsd Freebsd 6.2
7.2
CVSSv2
CVE-2000-0725
Zope prior to 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
Zope Zope 1.10.3
Zope Zope 2.1.1
Zope Zope 2.2 Beta1
Zope Zope 2.1.7
6.8
CVSSv2
CVE-2021-36089
Grok 7.6.6 up to and including 9.2.0 has a heap-based buffer overflow in grk::FileFormatDecompress::apply_palette_clr (called from grk::FileFormatDecompress::applyColour).
Zope Grok
6.8
CVSSv2
CVE-2015-7293
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and previous versions, and Plone prior to 5.x.
Plone Plone 3.3
Plone Plone 4.3.3
Plone Plone 4.3.11
Plone Plone 4.0.5
Plone Plone 4.3.6
Plone Plone 4.2.3
Plone Plone 4.0.2
Plone Plone 3.3.5
Plone Plone 4.3.5
Plone Plone 4.3.10
Plone Plone 4.3
Plone Plone 4.2.2
Plone Plone 4.0.8
Plone Plone 3.3.4
Plone Plone 4.0.7
Plone Plone 3.3.2
Plone Plone 4.2.7
Plone Plone 4.2.5
Plone Plone 4.1.6
Plone Plone 4.0.4
Plone Plone 4.3.4
Plone Plone 4.0.9
1 EDB exploit
6.5
CVSSv2
CVE-2021-32811
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and...
Zope Accesscontrol
Zope Zope
6.5
CVSSv2
CVE-2021-32807
The module `AccessControl` defines security policies for Python code used in restricted code within Zope applications. Restricted code is any code that resides in Zope's object database, such as the contents of `Script (Python)` objects. The policies defined in `AccessContro...
Zope Accesscontrol
6.5
CVSSv2
CVE-2021-32674
Zope is an open-source web application server. This advisory extends the previous advisory at https://github.com/zopefoundation/Zope/security/advisories/GHSA-5pr9-v234-jw36 with additional cases of TAL expression traversal vulnerabilities. Most Python modules are not available fo...
Zope Zope