Vulmon
ez ez publish vulnerabilities and exploits
VMScore: 890
CVE-2007-4493
eZ publish prior to 3.8.9, and 3.9 prior to 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.
Ez Ez Publish 3.9.0
Ez Ez Publish 3.9.1
Ez Ez Publish
Ez Ez Publish 3.9.2
VMScore: 312
CVE-2005-4855
Unrestricted file upload vulnerability in eZ publish 3.5 prior to 3.5.5, 3.6 prior to 3.6.2, 3.7 prior to 3.7.0rc2, and 3.8 prior to 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files,...
Ez Ez Publish
Ez Ez Publish 3.7.0
Ez Ez Publish 3.8.0
VMScore: 605
CVE-2012-4053
Cross-site request forgery (CSRF) vulnerability in eZOE flash player in eZ Publish 4.1 up to and including 4.6 allows remote malicious users to hijack the authentication of unspecified victims via unknown vectors.
Ez Ez Publish 4.1.0
Ez Ez Publish 4.2.0
Ez Ez Publish 4.3.0
VMScore: 668
CVE-2020-10806
eZ Publish Kernel prior to 5.4.14.1, 6.x prior to 6.13.6.2, and 7.x prior to 7.5.6.2 and eZ Publish Legacy prior to 5.4.14.1, 2017 prior to 2017.12.7.2, and 2019 prior to 2019.03.4.2 allow remote malicious users to execute arbitrary code by uploading PHP code, unless the vhost co...
Ez Ez Publish-kernel
Ez Ez Publish-legacy
VMScore: 356
CVE-2006-7218
eZ publish prior to 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
Ez Ez Publish
VMScore: 383
CVE-2017-1000431
eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. steal authentication credentials.
Ez Ez Publish
VMScore: 445
CVE-2005-4852
The siteaccess URIMatching implementation in eZ publish 3.5 up to and including 3.8 prior to 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote malicious users to bypass access restrictions by inserting certain characters...
Ez Ez Publish
VMScore: 356
CVE-2005-4851
eZ publish 3.4.4 up to and including 3.7 prior to 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
Ez Ez Publish
VMScore: 356
CVE-2006-7219
eZ publish prior to 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this versi...
Ez Ez Publish
VMScore: 445
CVE-2005-4850
eZ publish 3.5 up to and including 3.7 prior to 20050608 requires both edit and create permissions in order to submit data, which allows remote malicious users to edit data submitted by arbitrary anonymous users.
Ez Ez Publish