RSS   Podatności dla 'Ez publish'   RSS

2009-07-02
 
CVE-2008-6844

 

 
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.

 
2007-08-22
 
CVE-2007-4494

 

 
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

 
 
CVE-2007-4493

 

 
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.

 
2006-02-28
 
CVE-2006-0938

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

 

 >>> Vendor: Ez systems 2 Produkty
Httpbench
Ez publish


Copyright 2024, cxsecurity.com

 

Back to Top