Ez

Ez Publish

20 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2006-0938

Exploit
  • EPSS 0.5%
  • Veröffentlicht 01.03.2006 02:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

4

CVE-2005-4857

  • EPSS 0.54%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty Search...

5

CVE-2005-4856

  • EPSS 0.33%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout ...

3.5

CVE-2005-4855

  • EPSS 0.2%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload c...

5

CVE-2005-4854

  • EPSS 0.25%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

9.4

CVE-2005-4853

  • EPSS 0.5%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arb...

5

CVE-2005-4852

  • EPSS 0.18%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters...

4

CVE-2005-4851

  • EPSS 0.15%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

5

CVE-2005-4850

  • EPSS 0.25%
  • Veröffentlicht 31.12.2005 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

6.8

CVE-2003-0310

  • EPSS 0.37%
  • Veröffentlicht 16.06.2003 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.