Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 up to and including 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Zope Zope 2.5.1
Zope Zope 2.4.0
7.5
CVSSv2
CVE-2000-0483
The DocumentTemplate package in Zope 2.2 and previous versions allows a remote malicious user to modify DTMLDocuments or DTMLMethods without authorization.
Zope Zope 1.10.3
Redhat Linux Powertools 6.1
Zope Zope 2.1.1
Zope Zope 2.1.7
Redhat Linux Powertools 6.2
NA
CVE-2023-41050
AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Tho...
Zope Accesscontrol
Zope Zope
6.5
CVSSv2
CVE-2021-32811
Zope is an open-source web application server. Zope versions prior to versions 4.6.3 and 5.3 have a remote code execution security issue. In order to be affected, one must use Python 3 for one's Zope deployment, run Zope 4 below version 4.6.3 or Zope 5 below version 5.3, and...
Zope Accesscontrol
Zope Zope
4.3
CVSSv2
CVE-2012-5507
AccessControl/AuthEncoding.py in Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote malicious users to obtain passwords via vectors involving timing discrepancies in password validation.
Zope Zope 2.10.3
Zope Zope 2.11.3
Zope Zope 2.6.1
Zope Zope 2.7.0
Zope Zope 2.7.7
Zope Zope 2.8.1
Zope Zope 2.9.5
Zope Zope 2.9.7
Zope Zope 2.10.8
Zope Zope 2.11.0
Zope Zope 2.11.1
Zope Zope 2.11.2
Zope Zope 2.8.6
Zope Zope 2.8.8
Zope Zope 2.9.2
Zope Zope 2.9.3
Zope Zope 2.7.3
Zope Zope 2.7.4
Zope Zope 2.7.5
Zope Zope 2.7.6
Zope Zope 2.13.18
Zope Zope 2.5.1
6.4
CVSSv2
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 prior to 2.13.19, as used in Plone prior to 4.3 beta 1, allows remote malicious users to inject arbitrary HTTP headers via a linefeed (LF) character.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
7.5
CVSSv2
CVE-2005-3323
docutils in Zope 2.6, 2.7 prior to 2.7.8, and 2.8 prior to 2.8.2 allows remote malicious users to include arbitrary files via include directives in RestructuredText functionality.
Zope Zope 2.6
Zope Zope
Debian Debian Linux 3.1
Debian Debian Linux 3.0
7.5
CVSSv2
CVE-2009-0669
Zope Object Database (ZODB) prior to 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote malicious users to bypass authentication via vectors involving the ZEO network protocol.
Zope Zodb
Zope Zodb 3.8.0
Zope Zodb 3.8
4.3
CVSSv2
CVE-2011-4924
Cross-site scripting (XSS) vulnerability in Zope 2.8.x prior to 2.8.12, 2.9.x prior to 2.9.12, 2.10.x prior to 2.10.11, 2.11.x prior to 2.11.6, and 2.12.x prior to 2.12.3, 3.1.1 up to and including 3.4.1. allows remote malicious users to inject arbitrary web script or HTML via ve...
Zope Zope
5
CVSSv2
CVE-2002-0687
The "through the web code" capability for Zope 2.0 up to and including 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Zope Zope
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »