Vulnerabilities > EZ > EZ Publish > 3.7.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4856 | Data Processing Errors vulnerability in EZ Publish The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". | 5.0 |
2005-12-31 | CVE-2005-4855 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks. | 3.5 |
2005-12-31 | CVE-2005-4854 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders. | 5.0 |