Nidelven IT - All about Python, Zope & Plone - and Open Source!

Here you'll find issues related to our services. Mostly about Python, Zope and Plone, as well as hosting-related issues.

"Keeping IT real"

Older entries

Learning things the hackish way
Company website upgrade & update, now and then
Merry Christmas - happy new year, God Jul - godt nytt år, Feliz Navidad - feliz año nuevo!
Company website upgrade, day 3.5
Company website upgrade, day 2&3
Company website upgrade, day 1
Downtime on email
Plone vulnerability info
2 new products released, PloneboardComments and CalendarListingPortlet
Functional testing - there's no excuse now
New releases of MegamanicEdit and Products.MegamanicEditContentTypes
Scheduled downtime on metallica
collective.easyslider and AttributeError: 'NoneType' object has no attribute 'getData'
Discovering sets. . What? That fast?
Products.SimpleCalendar - new (but yet old) accessible calendar for Plone
Printing and recursion, a printer for list, tuple and dictionary
Making PatchPloneContent play nicely with blobs
Downtime on email
Scheduled downtime on homla
List comprehensions vs filter and for loop [update 2]
New releases of MegamanicEdit and Products.MegamanicEditContentTypes
Some accessibility improvements, ScreenReaderNavigation
Products.BlobNewsItem - strange issues and new release
Are those eggs on my face? Proper development-release cycle
Python style & flexibility, tabs or spaces
Updates to MegamanicEdit and Products.MegamanicEditContentTypes
Minimalistic Python, Python as a system administration language
An event with extended attendee handling, updates to ME and MECT
Products.MegamanicEditContentTypes - a new content class group
Products.RFC822AddressFieldValidator - A sparse beginning
New beta release of email_backport
Products.NewsPage - for powerusers
Scheduled downtime on mail
Working on a simple mailing package + MegamanicEdit Content Types and GrailTact
email_backport - modern email package for older Python versions
Python-only or Python related
A little about Products.EnhancedNewsItemImage
Products.ForumPage
Issues with email
Page Templates slots - Necessity is the mother of invention
Paid Support simplified and reduced
All about contacts and multiediting
If they're serious about standards..
Automating Plone setups - Faking a Zope user
Plone news items with blob storage!
Terms of service, per 2012-02-20
Clearing out an old mess the backwards way
Problems with email
New pricing for consulting time, new customers
New pricing for consulting time
Accessibility
Zope/Plone Security vulnerability: Privilege escalation
Multiple vulnerabilities discovered in Zope/Plone
DoS discovered in Zope PAS
New hosting partner Copyleft, Nidelven IT LTD focuses on consulting
Notice on server security May 2010
Sporadic limited outages on begna
Scheduled Downtime
Planned downtime on servers
Terms of service, per 2011-04-08
Main server (FBD)
Unexpected downtime
Some information about the upcoming Plone patch
Scheduled downtime, email
Update on mitigation procedure
Plone vulnerability (privilege escalation)
Oasis is being decomissioned
reload being decomissioned
Unscheduled downtime on email
Upgrades 25% complete
Scheduled upgrades and downtime
Possible downtime tonight on mail
Merry Christmas and a happy new year
More load related problems on fbd
Load problems on fbd
Issues with begna
Moving shared.nidelven-it.no to new server
Another update on connectivity issues
Update on connectivity issues
Connectivity issues (firewall/routing)
Misuse of domain, backscatter
Server issues for thewall yesterday
Terms of service, per 2010-12-01
Planned downtime on webmail
Servers reboots
Some servers will be rebooted tomorrow
Slow disks, migrations
Scheduled downtime on infernal-love
Terms of service, per 2010-10-20 (updated ToS link)
Terms of service, per 2010-10-19
Server restarts, migration to faster disks
Servers restarts, faster disks (migration)
Urgent maintenance on begna and vorma
Scheduled downtime on infernal-love
Plone HTML injection vulnerability
Maintenance on infernal-love
Planned downtime on servers
Scheduled maintenance on metallica.nidelven-it.no
Scheduled downtime on metallica
Problems with SMTP services on metallica

Atom - Subscribe - Categories

Previous | Next

DoS discovered in Zope PAS

A Denial-of-Service has been discovered in Zope's PAS module:

https://bugs.launchpad.net/zope-pas/+bug/789858

Where a logged-in user can change their username to someone else's and by doing so, deny the user with the other username authenticated access.

We don't see this bug being serious enough to warrant a patch as it isn't a privilege escalation, and we also believe it would affect a small share of our hosting customers.

[Permalink] [By morphex] [Zope instance management (Atom feed)] [2011 31 May 07:25 GMT+2]

Nidelven IT - All about Python, Zope & Plone - and Open Source!

Older entries

DoS discovered in Zope PAS

Add comment (text format)