Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
zope zope 2.5.1 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2002-0688
ZCatalog plug-in index support capability for Zope 2.4.0 up to and including 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
Zope Zope 2.5.1
Zope Zope 2.4.0
668
VMScore
CVE-2002-0170
Zope 2.2.0 up to and including 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
Zope Zope 2.2.2
Zope Zope 2.2.3
Zope Zope 2.2.4
Zope Zope 2.4.1
Zope Zope 2.4.2
Zope Zope 2.3.1
Zope Zope 2.3.2
Zope Zope 2.5.0
Zope Zope 2.5.1b1
Zope Zope 2.2.5
Zope Zope 2.3.0
Zope Zope 2.4.3
Zope Zope 2.4.4b1
Zope Zope 2.2.0
Zope Zope 2.2.1
Zope Zope 2.3.3
Zope Zope 2.4.0
405
VMScore
CVE-2008-5102
PythonScripts in Zope 2 2.11.2 and previous versions, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.
Zope Zope 2.10.3-final
Zope Zope 2.10.2-final
Zope Zope 2.10.5
Zope Zope 2.9.0-final
Zope Zope 2.9.6
Zope Zope 2.9.5
Zope Zope 2.8.0-final
Zope Zope 2.8.0-b2
Zope Zope 2.8.7
Zope Zope 2.8.6
Zope Zope 2.7.6-final
Zope Zope 2.7.6-b2
Zope Zope 2.7.4-c1
Zope Zope 2.7.4-b2
Zope Zope 2.7.1-b2
Zope Zope 2.7.1-b1
Zope Zope 2.7.0-b1
Zope Zope 2.7.0-a1
Zope Zope 2.6.2.b4
Zope Zope 2.6.2.b3
Zope Zope 2.6.4
Zope Zope 2.6.3
1 EDB exploit
578
VMScore
CVE-2012-5489
The App.Undo.UndoSupport.get_request_var_or_attr function in Zope prior to 2.12.21 and 3.13.x prior to 2.13.11, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors.
Plone Plone 4.2
Plone Plone 4.1.6
Plone Plone 4.1.5
Plone Plone 4.1.4
Plone Plone 3.3.1
Plone Plone 3.3
Plone Plone 3.2.3
Plone Plone 3.2.2
Plone Plone 3.0.3
Plone Plone 3.0.2
Plone Plone 3.0.1
Plone Plone 3.0
Plone Plone 2.0.3
Plone Plone 2.0.2
Plone Plone 2.0.1
Plone Plone 2.0
Plone Plone
Plone Plone 4.1
Plone Plone 4.0.5
Plone Plone 3.3.4
Plone Plone 3.3.2
Plone Plone 3.2.1
383
VMScore
CVE-2012-5507
AccessControl/AuthEncoding.py in Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, allows remote malicious users to obtain passwords via vectors involving timing discrepancies in password validation.
Zope Zope 2.10.3
Zope Zope 2.11.3
Zope Zope 2.6.1
Zope Zope 2.7.0
Zope Zope 2.7.7
Zope Zope 2.8.1
Zope Zope 2.9.5
Zope Zope 2.9.7
Zope Zope 2.10.8
Zope Zope 2.11.0
Zope Zope 2.11.1
Zope Zope 2.11.2
Zope Zope 2.8.6
Zope Zope 2.8.8
Zope Zope 2.9.2
Zope Zope 2.9.3
Zope Zope 2.7.3
Zope Zope 2.7.4
Zope Zope 2.7.5
Zope Zope 2.7.6
Zope Zope 2.13.18
Zope Zope 2.5.1
570
VMScore
CVE-2012-5486
ZPublisher.HTTPRequest._scrubHeader in Zope 2 prior to 2.13.19, as used in Plone prior to 4.3 beta 1, allows remote malicious users to inject arbitrary HTTP headers via a linefeed (LF) character.
Plone Plone 3.3
Plone Plone 1.0
Plone Plone 4.2
Plone Plone 4.0.5
Plone Plone 3.0.1
Plone Plone 1.0.3
Plone Plone 3.0
Plone Plone 3.2.3
Plone Plone 3.1.4
Plone Plone 3.1.5.1
Plone Plone 4.2.0.1
Plone Plone 2.1.4
Plone Plone 4.0.2
Plone Plone 4.2.1.1
Plone Plone 3.3.5
Plone Plone 3.0.6
Plone Plone 2.5.4
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 4.3
Plone Plone 2.1.1
Plone Plone 3.3.4
445
VMScore
CVE-2002-0687
The "through the web code" capability for Zope 2.0 up to and including 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
Zope Zope
383
VMScore
CVE-2021-33507
Zope Products.CMFCore prior to 2.5.1 and Products.PluggableAuthService prior to 2.6.2, as used in Plone up to and including 5.2.4 and other products, allow Reflected XSS.
Plone Plone
Zope Zope
668
VMScore
CVE-2007-5741
Plone 2.5 up to and including 2.5.4 and 3.0 up to and including 3.0.2 allows remote malicious users to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
Plone Plone 2.5
Plone Plone 2.5.1
Plone Plone 2.5 Beta1
Plone Plone 3.0
Plone Plone 3.0.1
Plone Plone 3.0.2
Plone Plone 2.5.1 Rc
Plone Plone 2.5.4
445
VMScore
CVE-2012-6661
Zope prior to 2.13.19, as used in Plone prior to 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote malicious users to guess the value via unspecified vectors. NOTE: this issue was SPLIT from CVE-2012-5508 due ...
Plone Plone 4.1.4
Plone Plone 4.0.6.1
Plone Plone 3.3.5
Plone Plone 3.3.3
Plone Plone 3.2.2
Plone Plone 3.2
Plone Plone 3.1.1
Plone Plone 3.0.6
Plone Plone 2.5.5
Plone Plone 2.5.3
Plone Plone 2.1.3
Plone Plone 2.1.1
Plone Plone 2.0
Plone Plone 1.0.5
Plone Plone 4.0.5
Plone Plone 4.0.4
Plone Plone 4.0.3
Plone Plone 4.0.2
Plone Plone 4.0.1
Plone Plone 3.1.6
Plone Plone 3.1.5.1
Plone Plone 3.1.4
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »