LiveActive security incident?Get immediate response
CVE archive

July 2005

Browse CVE records published in July 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 286 matching CVEs · Page 1 of 6.

Unknown · CVSS Not scored

CVE-2005-4855: Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc...

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

Published Jul 6, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-4856: The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 2005...

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

Published Jul 6, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-4852: The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-al...

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.

Published Jul 6, 2007 · Updated Sep 17, 2024