The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.
Computer vulnerabilities of Zope 2
Zope 2: two vulnerabilities
Synthesis of the vulnerability
An attacker can use several vulnerabilities of Zope 2. Impacted products: Zope 2.
Severity: 2/4.
Creation date: 18/01/2017.
Revision date: 16/02/2017.
Identifiers: VIGILANCE-VUL-21616.
Description of the vulnerability
Several vulnerabilities were announced in Zope 2.
An attacker can trigger a Cross Site Scripting via findResult, in order to run JavaScript code in the context of the web site. [severity:2/4]
An attacker can bypass security features via str.format, in order to escalate his privileges. [severity:2/4]
Zope 2: Cross Site Scripting via manage_tabs and manage_container
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via manage_tabs, manage_container of Zope 2, in order to run JavaScript code in the context of the web site. Impacted products: Zope 2.
Severity: 2/4.
Creation date: 16/01/2017.
Identifiers: 1995972, VIGILANCE-VUL-21587.
Description of the vulnerability
The Zope 2 product offers a web service.
However, it does not filter received data processed in "manage_tabs" and "manage_container" before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via manage_tabs, manage_container of Zope 2, in order to run JavaScript code in the context of the web site.
Zope 2: Cross Site Scripting via manage_tabs
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting via manage_tabs of Zope 2, in order to run JavaScript code in the context of the web site. Impacted products: Zope 2.
Severity: 2/4.
Creation date: 22/12/2016.
Identifiers: VIGILANCE-VUL-21457.
Description of the vulnerability
The Zope 2 product offers a web service.
However, it does not filter received data via manage_tabs before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting via manage_tabs of Zope 2, in order to run JavaScript code in the context of the web site.
Zope Management Interface: Cross Site Request Forgery
Synthesis of the vulnerability
An attacker can trigger a Cross Site Request Forgery of Zope Management Interface, in order to force the victim to perform operations. Impacted products: Zope 2, BlueBream.
Severity: 2/4.
Creation date: 07/10/2015.
Identifiers: VIGILANCE-VUL-18054.
Description of the vulnerability
The Zope Management Interface product offers a web service.
However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.
An attacker can therefore trigger a Cross Site Request Forgery of Zope Management Interface, in order to force the victim to perform operations.
Zope: Cross Site Scripting of Products.PluggableAuthService
Synthesis of the vulnerability
An attacker can trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site. Impacted products: Zope 2.
Severity: 2/4.
Creation date: 03/03/2015.
Identifiers: CVE-2009-5145, VIGILANCE-VUL-16291.
Description of the vulnerability
The Zope product offers a web service.
However, it does not filter received data before inserting them in generated HTML documents.
An attacker can therefore trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site.
Zope: denial of service via zlib
Synthesis of the vulnerability
An attacker can use a malicious cookie, in order to trigger a denial of service in zlib of Zope. Impacted products: Zope 2.
Severity: 2/4.
Creation date: 17/07/2013.
Identifiers: VIGILANCE-VUL-13136.
Description of the vulnerability
An attacker can use a malicious cookie, in order to trigger a denial of service in zlib of Zope.
Technical details are unknown.
Zope: several vulnerabilities
Synthesis of the vulnerability
Several vulnerabilities of Zope were announced. Impacted products: RHEL, Zope 2, BlueBream.
Severity: 2/4.
Creation date: 12/11/2012.
Identifiers: 20121106, CVE-2012-5485, CVE-2012-5486, CVE-2012-5487, CVE-2012-5488, CVE-2012-5489, CVE-2012-5490, CVE-2012-5491, CVE-2012-5492, CVE-2012-5493, CVE-2012-5494, CVE-2012-5495, CVE-2012-5496, CVE-2012-5497, CVE-2012-5498, CVE-2012-5499, CVE-2012-5500, CVE-2012-5501, CVE-2012-5502, CVE-2012-5503, CVE-2012-5504, CVE-2012-5505, CVE-2012-5506, CVE-2012-5507, CVE-2012-5508, CVE-2012-6661, RHSA-2014:1194-01, VIGILANCE-VUL-12129.
Description of the vulnerability
A hotfix was published for Plone, a CMS based on Zope.
Several corrected vulnerabilities also impact Zope.
Technical details are unknown.
Zope: vulnerabilities of AccessControl
Synthesis of the vulnerability
An attacker can use two vulnerabilities of AccessControl, in order to gain access to Zope. Impacted products: Unix (platform) ~ not comprehensive, Zope 2.
Severity: 2/4.
Creation date: 10/09/2012.
Identifiers: 1047318, VIGILANCE-VUL-11926.
Description of the vulnerability
The AccessControl module processes Zope2 authentication. It is impacted by two vulnerabilities.
A restricted module can import code. [severity:2/4; 1047318]
An attacker can override the rolesForPermissionOn variable of ZopeSecurityPolicy.py. [severity:2/4]
An attacker can therefore use two vulnerabilities of AccessControl, in order to gain access to Zope.
Zope 2: Cross Site Scripting via standard_error_message
Synthesis of the vulnerability
An attacker can generate a Cross Site Scripting in the error template of Zope version 2. Impacted products: Zope 2.
Severity: 2/4.
Creation date: 19/01/2012.
Identifiers: CVE-2010-1104-ERROR, CVE-2011-4924, VIGILANCE-VUL-11305.
Description of the vulnerability
The bulletin VIGILANCE-VUL-9343 describes a Cross Site Scripting in the error template of Zope version 2.
However, an attack variant was not corrected.
An attacker can therefore generate a Cross Site Scripting in the error template of Zope version 2.
Zope: vulnerability of authentication
Synthesis of the vulnerability
An attacker can exploit an authentication vulnerability. Impacted products: Zope 2.
Severity: 3/4.
Creation date: 13/12/2011.
Identifiers: VIGILANCE-VUL-11213.
Description of the vulnerability
An attacker can exploit an authentication vulnerability.
Technical details are unknown.