Lucene search

K
EzEz Publish

20 matches found

CVE
CVE
added 2012/10/06 9:55 p.m.48 views

CVE-2012-1565

Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and 4.6 has unknown impact and attack vectors related to an insecure direct object reference.

7.5CVSS6.6AI score0.01752EPSS
CVE
CVE
added 2009/07/02 10:30 a.m.47 views

CVE-2008-6844

The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and ot...

7.5CVSS7.2AI score0.02382EPSS
CVE
CVE
added 2018/01/02 8:29 p.m.47 views

CVE-2017-1000431

eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.

6.1CVSS6.1AI score0.00292EPSS
CVE
CVE
added 2003/06/16 4:0 a.m.46 views

CVE-2003-0310

Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.

6.8CVSS5.9AI score0.00367EPSS
CVE
CVE
added 2010/07/08 10:30 p.m.43 views

CVE-2010-2672

Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.

7.5CVSS8.8AI score0.00836EPSS
CVE
CVE
added 2007/07/06 7:30 p.m.40 views

CVE-2006-7218

eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.

4CVSS6.3AI score0.00146EPSS
CVE
CVE
added 2007/08/23 1:17 a.m.39 views

CVE-2007-4493

eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

10CVSS6.6AI score0.00554EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.38 views

CVE-2005-4855

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js fil...

3.5CVSS5.5AI score0.00149EPSS
CVE
CVE
added 2007/07/06 7:30 p.m.37 views

CVE-2006-7219

eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.

4CVSS6.3AI score0.00146EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.36 views

CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "...

5CVSS6.1AI score0.0025EPSS
CVE
CVE
added 2007/08/23 1:17 a.m.36 views

CVE-2007-4494

The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

5CVSS6.7AI score0.01039EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.35 views

CVE-2005-4850

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

5CVSS6.8AI score0.00184EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.34 views

CVE-2005-4852

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admi...

5CVSS6.8AI score0.00138EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.34 views

CVE-2005-4857

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a...

4CVSS6.2AI score0.00403EPSS
CVE
CVE
added 2006/03/01 2:2 a.m.34 views

CVE-2006-0938

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

4.3CVSS5.7AI score0.00504EPSS
CVE
CVE
added 2012/07/25 7:55 p.m.33 views

CVE-2012-4053

Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

6.8CVSS7.3AI score0.00142EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.30 views

CVE-2005-4851

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

4CVSS6.2AI score0.00109EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.30 views

CVE-2005-4853

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

9.4CVSS6.4AI score0.00441EPSS
CVE
CVE
added 2010/07/08 10:30 p.m.30 views

CVE-2010-2671

Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.

4.3CVSS5.9AI score0.00516EPSS
CVE
CVE
added 2007/07/06 7:0 p.m.27 views

CVE-2005-4854

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

5CVSS5.8AI score0.0019EPSS