E Publish
Products
2- 6 CVEs
- 1 CVE
Recent CVEs
6| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6844 | 0.03 | — | 0.03 | Jul 2, 2009 | The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30,… | |||
| CVE-2008-1981 | 0.00 | — | 0.01 | Apr 27, 2008 | Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. | |||
| CVE-2007-4494 | 0.00 | — | 0.02 | Aug 23, 2007 | The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks. | |||
| CVE-2006-2128 | 0.00 | — | 0.02 | May 1, 2006 | Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid… | |||
| CVE-2005-4393 | 0.00 | — | 0.01 | Dec 20, 2005 | Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters. | |||
| CVE-1999-1177 | 0.00 | — | 0.03 | Dec 31, 1999 | Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation. |
- CVE-2008-6844Jul 2, 2009risk 0.03cvss —epss 0.03
The registration view (/user/register) in eZ Publish 3.5.6 and earlier, and possibly other versions before 3.9.5, 3.10.1, and 4.0.1, allows remote attackers to gain privileges as other users via modified ContentObjectAttribute_data_user_login_30,…
- CVE-2008-1981Apr 27, 2008risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors.
- CVE-2007-4494Aug 23, 2007risk 0.00cvss —epss 0.02
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
- CVE-2006-2128May 1, 2006risk 0.00cvss —epss 0.02
Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid…
- CVE-2005-4393Dec 20, 2005risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.
- CVE-1999-1177Dec 31, 1999risk 0.00cvss —epss 0.03
Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.