Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ez vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-1626
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Will Kraft Ez-blog
Will Kraft Ez-blog -
1 EDB exploit
2.1
CVSSv2
CVE-2003-0887
ez-ipupdate 3.0.11b7 and previous versions creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.
Angus Mackay Ez-ipupdate 3.0.11b5
Angus Mackay Ez-ipupdate 3.0.11b7
NA
CVE-2022-48365
An issue exists in eZ Platform Ibexa Kernel prior to 1.3.26. The Company admin role gives excessive privileges.
Ibexa Digital Experience Platform
Ibexa Ez Platform Kernel
Ibexa Ez Platform
7.5
CVSSv2
CVE-2012-0983
SQL injection vulnerability in Scriptsez.net Ez Album allows remote malicious users to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Scriptsez Ez Album -
1 EDB exploit
4.3
CVSSv2
CVE-2009-4317
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote malicious users to inject arbitrary web script or HTML via the sid parameter in a showcat action.
Scriptsez Ez Cart
4.3
CVSSv2
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote malicious users to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obta...
Scriptsez Ez Blog
2 EDB exploits
10
CVSSv2
CVE-2004-0980
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 up to and including 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
Angus Mackay Ez-ipupdate 3.0.11b5
Angus Mackay Ez-ipupdate 3.0.11b8
Debian Debian Linux 3.0
Gentoo Linux
4.3
CVSSv2
CVE-2022-25336
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x prior to 7.5.26 and 1.3.x prior to 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
Ibexa Ez Platform Kernel
7.5
CVSSv2
CVE-2009-4801
EZ-Blog Beta 1 does not require authentication, which allows remote malicious users to create or delete arbitrary posts via requests to PHP scripts.
Will Kraft Ez-blog -
1 EDB exploit
6.8
CVSSv2
CVE-2009-4805
Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when magic_quotes_gpc is disabled, allow remote malicious users to execute arbitrary SQL commands via (1) the storyid parameter to public/view.php or (2) the kill parameter to admin/remove.php.
Will Kraft Ez-blog -
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »