Zope

Zope

36 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2012-5507

  • EPSS 0.28%
  • Veröffentlicht 30.09.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote attackers to obtain passwords via vectors involving timing discrepancies in password validation.

6.5

CVE-2012-5489

  • EPSS 0.58%
  • Veröffentlicht 30.09.2014 14:55:06
  • Zuletzt bearbeitet 12.04.2025 10:46:40

The App.Undo.UndoSupport.get_request_var_or_attr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified...

6.4

CVE-2012-5486

  • EPSS 0.82%
  • Veröffentlicht 30.09.2014 14:55:05
  • Zuletzt bearbeitet 12.04.2025 10:46:40

ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used in Plone before 4.3 beta 1, allows remote attackers to inject arbitrary HTTP headers via a linefeed (LF) character.

9.3

CVE-2011-3587

  • EPSS 90.59%
  • Veröffentlicht 10.10.2011 10:55:06
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python mod...

7.5

CVE-2011-2528

  • EPSS 0.59%
  • Veröffentlicht 19.07.2011 20:55:01
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly...

4.3

CVE-2010-3198

Exploit
  • EPSS 0.86%
  • Veröffentlicht 08.09.2010 20:00:04
  • Zuletzt bearbeitet 11.04.2025 00:51:21

ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows remote attackers to cause a denial of service (crash of worker threads) via vectors that trigger uncaught exceptions.

4.3

CVE-2010-1104

  • EPSS 0.44%
  • Veröffentlicht 25.03.2010 17:30:00
  • Zuletzt bearbeitet 11.04.2025 00:51:21

Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to err...

4

CVE-2008-5102

  • EPSS 11.2%
  • Veröffentlicht 17.11.2008 18:18:47
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements.

4.3

CVE-2007-0240

  • EPSS 0.79%
  • Veröffentlicht 22.03.2007 18:19:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.

5

CVE-2006-4684

  • EPSS 0.71%
  • Veröffentlicht 19.09.2006 18:07:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulne...