
15 matches found

Tenable Nessus
added 2018/06/29 12:0 a.m., 30 views

Debian DLA-1403-1 : zendframework security update

CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from a SQL statement before validation. For Debian 8 'Jessie', these problems have been fixed in version 1.12.9+dfsg-2+deb8u7. We recommend that you upgrade your zendframework package...

CVSS 9.8 | AI score 8.5 | EPSS 0.04124 | Exploits 1 | References 3
Debian
added 2018/06/28 8:5 p.m., 27 views

[SECURITY] [DLA 1403-1] zendframework security update

Package : zendframework Version : 1.12.9+dfsg-2+deb8u7 CVE ID : CVE-2016-4861 CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. For Debian 8 "Jessie", these problems have been fixed in version...

CVSS 9.8 | AI score 10 | EPSS 0.04124 | Exploits 1
NVD
added 2017/02/17 2:59 a.m., 14 views

CVE-2016-4861

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...

CVSS 9.8 | AI score 9.8 | EPSS 0.04124 | Exploits 1 | References 8
UbuntuCve
added 2017/02/17 2:59 a.m., 23 views

CVE-2016-4861

The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...

CVSS 9.8 | AI score 7.3 | EPSS 0.04124 | Exploits 1 | References 2
CVE
added 2017/02/16 6:0 p.m., 90 views

CVE-2016-4861

The CVE-2016-4861 entry concerns Zend Framework’s Zend_Db_Select (order and group methods) with a SQL injection risk due to failure to remove comments from SQL prior to validation. Affected component: Zend Framework prior to 1.12.20. Impact: remote attackers could exploit to conduct SQL injection...

CVSS 9.8 | AI score 9.6 | EPSS 0.04124 | Exploits 1 | References 8 | Affected Software 1
OpenVAS
added 2016/12/07 12:0 a.m., 24 views

Fedora Update for php-ZendFramework FEDORA-2016-666d95d1d5

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 9.8 | AI score 9.6 | EPSS 0.04124 | Exploits 2 | References 2
Tenable Nessus
added 2016/11/21 12:0 a.m., 35 views

Amazon Linux AMI : php-ZendFramework (ALAS-2016-767)

The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-767. include('compat.inc'); if...

CVSS 9.8 | AI score 8.3 | EPSS 0.04124 | Exploits 2 | References 3
Amazon
added 2016/11/18 12:0 a.m., 39 views

Medium: php-ZendFramework

Issue Overview: The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection. Affected Packages: php-ZendFramework. Issue Correction: Run `yum update php-ZendFramework` or `yum update --advisory ALAS-2016-767` to update your system. New Packages: noarch:...

CVSS 9.8 | AI score 10 | EPSS 0.04124 | Exploits 2
Tenable Nessus
added 2016/11/15 12:0 a.m., 31 views

Fedora 25 : php-ZendFramework (2016-666d95d1d5)

Probably the last update for Zend Framework 1 as it is being EOL'd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...

CVSS 9.8 | AI score 8.2 | EPSS 0.04124 | Exploits 2 | References 3
OSV
added 2016/10/21 2:48 p.m., 4 views

MGASA-2016-0352 Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...

CVSS 9.8 | AI score 9.8 | EPSS 0.04124 | Exploits 1 | References 4
Mageia
added 2016/10/21 2:48 p.m., 34 views

Updated php-ZendFramework packages fix security vulnerability

The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...

CVSS 9.8 | AI score 3.9 | EPSS 0.04124 | Exploits 1 | References 3
Tenable Nessus
added 2016/10/10 12:0 a.m., 25 views

Fedora 24 : php-ZendFramework (2016-7f193a0c59)

Probably the last update for Zend Framework 1 as it is being EOL'd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...

CVSS 9.8 | AI score 8.2 | EPSS 0.04124 | Exploits 2 | References 3
Tenable Nessus
added 2016/10/10 12:0 a.m., 34 views

Fedora 23 : php-ZendFramework (2016-77e5105570)

Probably the last update for Zend Framework 1 as it is being EOL'd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...

CVSS 9.8 | AI score 8.2 | EPSS 0.04124 | Exploits 2 | References 3
Tenable Nessus
added 2016/10/06 12:0 a.m., 26 views

Debian DLA-646-1 : zendframework security update

CVE-2016-4861: The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the...

CVSS 9.8 | AI score 8.4 | EPSS 0.04124 | Exploits 1 | References 3
OSV
added 2016/10/05 12:0 a.m., 23 views

DLA-646-1 zendframework - security update

Bulletin has no description...

CVSS 9.8 | AI score 9.3 | EPSS 0.04124 | Exploits 1