Show filters
7 Total Results
Displaying 1-7 of 7
Sort by:
Attacker Value
Unknown

CVE-2010-2672

Disclosure Date: July 08, 2010 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through 4.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) SectionID and (2) SearchTimestamp parameters to the search feature and the (3) SearchContentClassAttributeID parameter to the advancedsearch feature.
0
Attacker Value
Unknown

CVE-2010-2671

Disclosure Date: July 08, 2010 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ Publish 3.7.0 through 4.2.0 allows remote attackers to inject arbitrary web script or HTML via the subTreeItem parameter.
0
Attacker Value
Unknown

CVE-2008-6844

Disclosure Date: July 02, 2009 (last updated October 04, 2023)
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30, ContentObjectAttribute_data_user_password_30, and other parameters.
0
Attacker Value
Unknown

CVE-2006-0938

Disclosure Date: March 01, 2006 (last updated February 22, 2025)
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.
0
Attacker Value
Unknown

CVE-2005-4854

Disclosure Date: December 31, 2005 (last updated February 22, 2025)
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.
0
Attacker Value
Unknown

CVE-2005-4856

Disclosure Date: December 31, 2005 (last updated February 22, 2025)
The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".
0
Attacker Value
Unknown

CVE-2005-4857

Disclosure Date: December 31, 2005 (last updated February 22, 2025)
eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".
0