|
306931
|
- |
|
ez
|
ez_publish
|
eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2005-4854
|
2015-07-28 23:55 |
2005-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306932
|
- |
|
ez
|
ez_publish
|
The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2005-4853
|
2015-07-28 23:41 |
2005-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306933
|
- |
|
ez
|
ez_publish
|
Vendor has fixed this vulnerability in an upgrade starting at 3.5.5: http://ez.no/download/ez_publish
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2005-4853
|
2015-07-28 23:41 |
2005-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306934
|
- |
|
ez
|
ez_publish
|
eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-7218
|
2015-07-28 23:35 |
2007-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306935
|
- |
|
ez
|
ez_publish
|
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-7219
|
2015-07-28 23:35 |
2007-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306936
|
- |
|
ez
|
ez_publish
|
eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulne…
|
NVD-CWE-noinfo
|
CVE-2007-4493
|
2015-07-28 03:36 |
2007-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306937
|
- |
|
ez
|
ez_publish
|
The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.
|
NVD-CWE-noinfo
|
CVE-2007-4494
|
2015-07-28 03:36 |
2007-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306938
|
- |
|
ghostscript
|
ghostscript
|
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary cod…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2009-4270
|
2015-01-10 08:42 |
2009-12-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306939
|
- |
|
ibm
|
websphere_application_server
|
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not p…
|
CWE-20
Improper Input Validation
|
CVE-2009-1172
|
2014-10-24 14:37 |
2009-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
306940
|
- |
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak permissions (777) for files associated with unspecified "interim fixes," which allows attackers to modify files that would not have…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-1173
|
2014-10-24 14:37 |
2009-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
