VYPR

E Publish

by E Publish

CVEs (6)

  • CVE-2008-6844Jul 2, 2009
    risk 0.03cvss epss 0.03

    The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30,…

  • CVE-2008-1981Apr 27, 2008
    risk 0.00cvss epss 0.01

    Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.

  • CVE-2007-4494Aug 23, 2007
    risk 0.00cvss epss 0.02

    The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.

  • CVE-2006-2128May 1, 2006
    risk 0.00cvss epss 0.02

    Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid…

  • CVE-2005-4393Dec 20, 2005
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.

  • CVE-1999-1177Dec 31, 1999
    risk 0.00cvss epss 0.03

    Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.