The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Zope 2

vulnerability bulletin 28473

Zope2: information disclosure via Fields Password String

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Fields Password String of Zope2, in order to obtain sensitive information.
Impacted products: Zope 2.
Severity: 1/4.
Consequences: data reading.
Provenance: user shell.
Creation date: 11/02/2019.
Identifiers: VIGILANCE-VUL-28473.

Description of the vulnerability

An attacker can bypass access restrictions to data via Fields Password String of Zope2, in order to obtain sensitive information.

computer vulnerability note 27839

Zope 2: information disclosure via Passw String

Synthesis of the vulnerability

An attacker can bypass access restrictions to data via Passw String of Zope 2, in order to obtain sensitive information.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: data reading.
Provenance: internet server.
Creation date: 20/11/2018.
Identifiers: VIGILANCE-VUL-27839.

Description of the vulnerability

An attacker can bypass access restrictions to data via Passw String of Zope 2, in order to obtain sensitive information.

computer vulnerability announce 27717

Zope 2: vulnerability

Synthesis of the vulnerability

A vulnerability of Zope 2 was announced.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: internet client.
Creation date: 07/11/2018.
Identifiers: VIGILANCE-VUL-27717.

Description of the vulnerability

A vulnerability of Zope 2 was announced.

computer vulnerability alert 21616

Zope 2: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Zope 2.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 18/01/2017.
Revision date: 16/02/2017.
Identifiers: VIGILANCE-VUL-21616.

Description of the vulnerability

Several vulnerabilities were announced in Zope 2.

An attacker can trigger a Cross Site Scripting via findResult, in order to run JavaScript code in the context of the web site. [severity:2/4]

An attacker can bypass security features via str.format, in order to escalate his privileges. [severity:2/4]

computer vulnerability announce 21587

Zope 2: Cross Site Scripting via manage_tabs and manage_container

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via manage_tabs, manage_container of Zope 2, in order to run JavaScript code in the context of the web site.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 16/01/2017.
Identifiers: 1995972, VIGILANCE-VUL-21587.

Description of the vulnerability

The Zope 2 product offers a web service.

However, it does not filter received data processed in "manage_tabs" and "manage_container" before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via manage_tabs, manage_container of Zope 2, in order to run JavaScript code in the context of the web site.

computer vulnerability announce 21457

Zope 2: Cross Site Scripting via manage_tabs

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting via manage_tabs of Zope 2, in order to run JavaScript code in the context of the web site.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 22/12/2016.
Identifiers: VIGILANCE-VUL-21457.

Description of the vulnerability

The Zope 2 product offers a web service.

However, it does not filter received data via manage_tabs before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting via manage_tabs of Zope 2, in order to run JavaScript code in the context of the web site.

vulnerability note 18054

Zope Management Interface: Cross Site Request Forgery

Synthesis of the vulnerability

An attacker can trigger a Cross Site Request Forgery of Zope Management Interface, in order to force the victim to perform operations.
Impacted products: Zope 2, BlueBream.
Severity: 2/4.
Consequences: user access/rights.
Provenance: internet client.
Creation date: 07/10/2015.
Identifiers: VIGILANCE-VUL-18054.

Description of the vulnerability

The Zope Management Interface product offers a web service.

However, the origin of queries is not checked. They can for example originate from an image included in an HTML document.

An attacker can therefore trigger a Cross Site Request Forgery of Zope Management Interface, in order to force the victim to perform operations.

vulnerability alert CVE-2009-5145

Zope: Cross Site Scripting of Products.PluggableAuthService

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 03/03/2015.
Identifiers: CVE-2009-5145, VIGILANCE-VUL-16291.

Description of the vulnerability

The Zope product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Products.PluggableAuthService of Zope, in order to execute JavaScript code in the context of the web site.

computer vulnerability alert 13136

Zope: denial of service via zlib

Synthesis of the vulnerability

An attacker can use a malicious cookie, in order to trigger a denial of service in zlib of Zope.
Impacted products: Zope 2.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 17/07/2013.
Identifiers: VIGILANCE-VUL-13136.

Description of the vulnerability

An attacker can use a malicious cookie, in order to trigger a denial of service in zlib of Zope.

computer vulnerability note CVE-2012-5485 CVE-2012-5486 CVE-2012-5487

Zope: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Zope were announced.
Impacted products: RHEL, Zope 2, BlueBream.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 25.
Creation date: 12/11/2012.
Identifiers: 20121106, CVE-2012-5485, CVE-2012-5486, CVE-2012-5487, CVE-2012-5488, CVE-2012-5489, CVE-2012-5490, CVE-2012-5491, CVE-2012-5492, CVE-2012-5493, CVE-2012-5494, CVE-2012-5495, CVE-2012-5496, CVE-2012-5497, CVE-2012-5498, CVE-2012-5499, CVE-2012-5500, CVE-2012-5501, CVE-2012-5502, CVE-2012-5503, CVE-2012-5504, CVE-2012-5505, CVE-2012-5506, CVE-2012-5507, CVE-2012-5508, CVE-2012-6661, RHSA-2014:1194-01, VIGILANCE-VUL-12129.

Description of the vulnerability

A hotfix was published for Plone, a CMS based on Zope.

Several corrected vulnerabilities also impact Zope.