Searching publish software vulnerabilities


Example applications (Exampleapps) in ColdFusion Server 4.x do not properly restrict access from outside the local host's domain, which allows remote attackers to upload, read, or execute files by spoofing the "HTTP Host" (CGI.Host) variable in (1) the "Web Publish" example script, and (2) the "Email" example script.


PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.


publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execute arbitrary PHP code by modifying the GALLERY_BASEDIR parameter to reference a URL on a remote web server that contains the code.


Cross-site scripting (XSS) vulnerability in articleview.php for eZ publish 2.2 allows remote attackers to insert arbitrary web script.


SQL injection vulnerability in printer_friendly.cfm in e-publish CMS 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.


Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) obcatid and (2) comid parameters.


eZ publish 3.5 through 3.7 before Wednesday, June 08, 2005 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.


eZ publish 3.4.4 through 3.7 before Friday, July 22, 2005 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.


The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before Thursday, August 18, 2005 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.


eZ publish 3.5 through 3.7 before Tuesday, August 30, 2005 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.


eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before Monday, November 28, 2005 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".


Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.


Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameter to (a) admin/login.php, (3) find_str parameter to (b) search.php, or (4) artid parameter to (c) art.php, or (5) catid parameter to (d) cat.php.


Direct static code injection vulnerability in Pro Publish 2.0 allows remote authenticated administrators to execute arbitrary PHP code by editing certain settings, which are stored in set_inc.php.


Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts Pro Publish allow remote attackers to inject arbitrary web script or HTML via the (1) artid parameter in art.php and the (2) catname parameter in cat.php.


Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish 2.0 allows remote attackers to inject arbitrary web script or HTML via the catname parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.


eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.


eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.


eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check permissions on module views that lack a policy function, which has unknown impact and attack vectors, as demonstrated by a vulnerability in the discount functionality in the shop module.


The tipafriend function in eZ publish before 3.8.9, and 3.9 before 3.9.3, does not limit access by anonymous users, which allows remote attackers to conduct spam attacks.


Software vulnerabilities results 1 to 20 of 27     