15 matches found
Debian DLA-1403-1 : zendframework security update
CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from a SQL statement before validation. For Debian 8 'Jessie', these problems have been fixed in version 1.12.9+dfsg-2+deb8u7. We recommend that you upgrade your zendframework package...
[SECURITY] [DLA 1403-1] zendframework security update
Package : zendframework Version : 1.12.9+dfsg-2+deb8u7 CVE ID : CVE-2016-4861 CVE-2016-4861 Allowing remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation. For Debian 8 "Jessie", these problems have been fixed in version...
CVE-2016-4861
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
CVE-2016-4861
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
CVE-2016-4861
The CVE-2016-4861 entry concerns Zend Framework’s Zend_Db_Select (order and group methods) with a SQL injection risk due to failure to remove comments from SQL prior to validation. Affected component: Zend Framework prior to 1.12.20. Impact: remote attackers could exploit to conduct SQL injection...
Fedora Update for php-ZendFramework FEDORA-2016-666d95d1d5
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Amazon Linux AMI : php-ZendFramework (ALAS-2016-767)
The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Amazon Linux AMI Security Advisory ALAS-2016-767. include("compat.inc"); if...
Medium: php-ZendFramework
Issue Overview: The implementation of ORDER BY and GROUP BY in Zend_Db_Select was discovered to be vulnerable to SQL injection. Affected Packages: php-ZendFramework Issue Correction: Run yum update php-ZendFramework or yum update --advisory ALAS-2016-767 to update your system. New Packages: noarch:...
Fedora 25 : php-ZendFramework (2016-666d95d1d5)
Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...
MGASA-2016-0352 Updated php-ZendFramework packages fix security vulnerability
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...
Updated php-ZendFramework packages fix security vulnerability
The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the statement to ensur...
Fedora 24 : php-ZendFramework (2016-7f193a0c59)
Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...
Fedora 23 : php-ZendFramework (2016-77e5105570)
Probably the last update for Zend Framework 1 as it is being EOLd on September 28, 2016. Fixes two security issues, CVE-2016-4861 and CVE-2016-6233. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempte...
Debian DLA-646-1 : zendframework security update
CVE-2016-4861 The implementation of ORDER BY and GROUP BY in Zend_Db_Select remained prone to SQL injection when a combination of SQL expressions and comments were used. This security patch provides a comprehensive solution that identifies and removes comments prior to checking validity of the...
DLA-646-1 zendframework - security update
Bulletin has no description...