The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Zope 2

computer vulnerability alert 21616

Zope 2: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Zope 2.
Impacted products: Zope 2.
Severity: 2/4.
Creation date: 18/01/2017.
Revision date: 16/02/2017.
Identifiers: VIGILANCE-VUL-21616.

Description of the vulnerability

Several vulnerabilities were announced in Zope 2.

An attacker can trigger a Cross Site Scripting via findResult, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can bypass security features via str.format, in order to escalate his privileges. [severity:2/4]

computer vulnerability announce 21587

Zope 2: Cross Site Scripting via manage_tabs and manage_container

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via manage_tabs and manage_container of Zope 2, in order to run JavaScript code in the context of the web site.
Impacted products: Zope 2.
Severity: 2/4.
Creation date: 16/01/2017.
Identifiers: 1995972, VIGILANCE-VUL-21587.

Description of the vulnerability

The Zope 2 product offers a web service.

However, it does not filter received data processed in "manage_tabs" and "manage_container" before inserting it in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via manage_tabs and manage_container of Zope 2, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 21457

Zope 2: Cross Site Scripting via manage_tabs

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via manage_tabs of Zope 2, in order to run JavaScript code in the context of the web site.
Impacted products: Zope 2.
Severity: 2/4.
Creation date: 22/12/2016.
Identifiers: VIGILANCE-VUL-21457.

Description of the vulnerability

The Zope 2 product offers a web service.

However, it does not filter received data via manage_tabs before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via manage_tabs of Zope 2, in order to run JavaScript code in the context of the web site.

vulnerability note 18054

Zope Management Interface: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Zope Management Interface, in order to force the victim to perform operations.
Impacted products: Zope 2, BlueBream.
Severity: 2/4.
Creation date: 07/10/2015.
Identifiers: VIGILANCE-VUL-18054.

Description of the vulnerability

The Zope Management Interface product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Zope Management Interface, in order to force the victim to perform operations.

vulnerability alert CVE-2009-5145

Zope: Cross Site Scripting of Products.PluggableAuthService

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site.
Impacted products: Zope 2.
Severity: 2/4.
Creation date: 03/03/2015.
Identifiers: CVE-2009-5145, VIGILANCE-VUL-16291.

Description of the vulnerability

The Zope product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site.

computer vulnerability alert 13136

Zope: denial of service via zlib

Synthesis of the vulnerability

An attacker can use a malicious cookie, in order to trigger a denial of service in zlib of Zope.
Impacted products: Zope 2.
Severity: 2/4.
Creation date: 17/07/2013.
Identifiers: VIGILANCE-VUL-13136.

Description of the vulnerability

An attacker can use a malicious cookie, in order to trigger a denial of service in zlib of Zope.

Technical details are unknown.

computer vulnerability note CVE-2012-5485 CVE-2012-5486 CVE-2012-5487

Zope: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Zope were announced.
Impacted products: RHEL, Zope 2, BlueBream.
Severity: 2/4.
Creation date: 12/11/2012.
Identifiers: 20121106, CVE-2012-5485, CVE-2012-5486, CVE-2012-5487, CVE-2012-5488, CVE-2012-5489, CVE-2012-5490, CVE-2012-5491, CVE-2012-5492, CVE-2012-5493, CVE-2012-5494, CVE-2012-5495, CVE-2012-5496, CVE-2012-5497, CVE-2012-5498, CVE-2012-5499, CVE-2012-5500, CVE-2012-5501, CVE-2012-5502, CVE-2012-5503, CVE-2012-5504, CVE-2012-5505, CVE-2012-5506, CVE-2012-5507, CVE-2012-5508, CVE-2012-6661, RHSA-2014:1194-01, VIGILANCE-VUL-12129.

Description of the vulnerability

A hotfix was published for Plone, a CMS based on Zope.

Several corrected vulnerabilities also impact Zope.

Technical details are unknown.

computer vulnerability alert 11926

Zope: vulnerabilities of AccessControl

Synthesis of the vulnerability

An attacker can use two vulnerabilities of AccessControl, in order to access Zope.
Impacted products: Unix (platform) ~ not comprehensive, Zope 2.
Severity: 2/4.
Creation date: 10/09/2012.
Identifiers: 1047318, VIGILANCE-VUL-11926.

Description of the vulnerability

The AccessControl module processes Zope2 authentication. It is impacted by two vulnerabilities.

A restricted module can import code. [severity:2/4; 1047318]

An attacker can override the rolesForPermissionOn variable of ZopeSecurityPolicy.py. [severity:2/4]

An attacker can therefore use two vulnerabilities of AccessControl, in order to access Zope.

computer vulnerability CVE-2011-4924

Zope 2: Cross Site Scripting via standard_error_message

Synthesis of the vulnerability

An attacker can generate a Cross Site Scripting in the error template of Zope version 2.
Impacted products: Zope 2.
Severity: 2/4.
Creation date: 19/01/2012.
Identifiers: CVE-2010-1104-ERROR, CVE-2011-4924, VIGILANCE-VUL-11305.

Description of the vulnerability

The bulletin VIGILANCE-VUL-9343 describes a Cross Site Scripting in the error template of Zope version 2.

However, an attack variant was not corrected.

An attacker can therefore generate a Cross Site Scripting in the error template of Zope version 2.

vulnerability bulletin 11213

Zope: vulnerability of authentication

Synthesis of the vulnerability

An attacker can use a vulnerability of authentication.
Impacted products: Zope 2.
Severity: 3/4.
Creation date: 13/12/2011.
Identifiers: VIGILANCE-VUL-11213.

Description of the vulnerability

An attacker can use a vulnerability of authentication.

Technical details are unknown.