Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
ez vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2009-1626
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Will Kraft Ez-blog
Will Kraft Ez-blog -
1 EDB exploit
2.1
CVSSv2
CVE-2003-0887
ez-ipupdate 3.0.11b7 and previous versions creates insecure temporary cache files, which allows local users to conduct unauthorized operations via a symlink attack on the ez-ipupdate.cache file.
Angus Mackay Ez-ipupdate 3.0.11b5
Angus Mackay Ez-ipupdate 3.0.11b7
NA
CVE-2022-48365
An issue exists in eZ Platform Ibexa Kernel prior to 1.3.26. The Company admin role gives excessive privileges.
Ibexa Digital Experience Platform
Ibexa Ez Platform Kernel
Ibexa Ez Platform
7.5
CVSSv2
CVE-2012-0983
SQL injection vulnerability in Scriptsez.net Ez Album allows remote malicious users to execute arbitrary SQL commands via the id parameter in a view action to index.php.
Scriptsez Ez Album -
1 EDB exploit
4.3
CVSSv2
CVE-2009-4364
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Blog allows remote malicious users to inject arbitrary web script or HTML via the cname parameter, related to the act and id parameters. NOTE: the provenance of this information is unknown; the details are obta...
Scriptsez Ez Blog
2 EDB exploits
4.3
CVSSv2
CVE-2009-4317
Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez Cart allows remote malicious users to inject arbitrary web script or HTML via the sid parameter in a showcat action.
Scriptsez Ez Cart
10
CVSSv2
CVE-2004-0980
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 up to and including 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
Angus Mackay Ez-ipupdate 3.0.11b5
Angus Mackay Ez-ipupdate 3.0.11b8
Debian Debian Linux 3.0
Gentoo Linux
4.3
CVSSv2
CVE-2022-25336
Ibexa DXP ezsystems/ezpublish-kernel 7.5.x prior to 7.5.26 and 1.3.x prior to 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced.
Ibexa Ez Platform Kernel
4.3
CVSSv2
CVE-2009-0762
Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment allows remote malicious users to inject arbitrary web script or HTML via the name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Scriptsez Ez Php Comment -
7.5
CVSSv2
CVE-2009-4801
EZ-Blog Beta 1 does not require authentication, which allows remote malicious users to create or delete arbitrary posts via requests to PHP scripts.
Will Kraft Ez-blog -
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »