Vulnerabilities > Zope > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-11-17 | CVE-2008-5102 | Resource Management Errors vulnerability in Zope PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other products, allows remote authenticated users to cause a denial of service (resource consumption or application halt) via certain (1) raise or (2) import statements. | 4.0 |
| 2007-03-22 | CVE-2007-0240 | HTML Injection vulnerability in Zope HTTP Get Request Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. network zope | 4.3 |
| 2006-09-19 | CVE-2006-4684 | Information Disclosure vulnerability in Zope CSV_Table The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458. | 5.0 |
| 2002-07-23 | CVE-2002-0687 | Remote Denial Of Service vulnerability in Zope 2.5.1 The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers. | 5.0 |
| 2001-08-14 | CVE-2001-0567 | Denial-Of-Service vulnerability in Zope 7.1/7.2 Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. | 4.6 |
| 2000-12-18 | CVE-2000-1212 | Unspecified vulnerability in Zope Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects. | 5.0 |