Vulnerabilities > EZ > EZ Publish > 3.7.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-12-31 | CVE-2005-4856 | Data Processing Errors vulnerability in EZ Publish The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". | 5.0 |
2005-12-31 | CVE-2005-4854 | Permissions, Privileges, and Access Controls vulnerability in EZ Publish eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders. | 5.0 |