CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

25 matches found

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2015-4618

Malware in sbrugna...

7.5CVSS7.8AI score0.03843EPSS

Exploits0References23

Github Security Blog•added 2024/06/07 9:49 p.m.•20 views

Zend-JSON vulnerable to XXE/XEE attacks

Numerous components utilizing PHP's DOMDocument, SimpleXML, and xmlparse functionality are vulnerable to two types of attacks: - XML eXternal Entity XXE Injection attacks. The above mentioned extensions are insecure by default, allowing external entities to be specified by adding a specific DOCTY...

7.4AI score

Exploits0References9Affected Software1

OSV•added 2024/06/07 9:49 p.m.•16 views

GHSA-8X2V-PCG7-94F4 Zend-JSON vulnerable to XXE/XEE attacks

9.8CVSS7.4AI score

Exploits0References9

Github Security Blog•added 2024/06/07 9:16 p.m.•10 views

ZendFramework potential XML eXternal Entity injection vectors

7.4AI score

Exploits0References3Affected Software1

OSV•added 2024/06/07 9:16 p.m.•6 views

GHSA-MHPX-3RV8-WRJM ZendFramework potential XML eXternal Entity injection vectors

9.8CVSS7.4AI score

Exploits0References3

Github Security Blog•added 2024/06/07 9:10 p.m.•17 views

ZendFramework vulnerable to XXE/XEE attacks

7.4AI score

Exploits0References9Affected Software1

OSV•added 2024/06/07 9:10 p.m.•12 views

GHSA-F4FJ-Q6M4-CC52 ZendFramework vulnerable to XXE/XEE attacks

9.8CVSS7.4AI score

Exploits0References9

Github Security Blog•added 2024/06/07 8:30 p.m.•12 views

Zendframework vulnerable to XXE/XEE attacks

7.4AI score

Exploits0References9Affected Software1

OSV•added 2024/06/07 8:30 p.m.•8 views

GHSA-QC7W-4567-84WV Zendframework vulnerable to XXE/XEE attacks

9.8CVSS7.4AI score

Exploits0References9

BDU FSTEC•added 2016/05/31 12:0 a.m.•4 views

The vulnerability of the PHP interpreter allows attackers to read arbitrary files or write to them.

The vulnerability of the PHP interpreter lies in the lack of checks for the sequence “%00” in the path name. Exploiting this vulnerability allows an attacker to read arbitrary files or write to them using specially crafted input data for an application that calls the DOMDocument save method or th...

7.5CVSS7.3AI score0.03843EPSS

Exploits0References4Affected Software1

Prion•added 2016/05/16 10:59 a.m.•32 views

Code injection

PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument load method, 2 the xmlwriteropenuri function, 3 t...

6.4CVSS7.1AI score0.03439EPSS

Exploits1References10Affected Software8

Prion•added 2016/05/16 10:59 a.m.•37 views

Design/Logic Flaw

PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to read or write to arbitrary files via crafted input to an application that calls 1 a DOMDocument save method or 2 the GD imagepsloadfont function...

7.5CVSS7.1AI score0.03843EPSS

Exploits0References12Affected Software8

Packet Storm•added 2015/11/09 12:0 a.m.•26 views

Google AdWords API PHP Client Library 6.2.0 XXE Injection

Advisory URL: http://legalhackers.com/advisories/Google-AdWords-API-libraries-XXE-Injection-Vulnerability.txt ============================================= - Release date: 06.11.2015 - Discovered by: Dawid Golunski - Severity: Medium/High ============================================= I...

0.3AI score

Exploits0

0day.today•added 2015/11/09 12:0 a.m.•33 views

Google AdWords API PHP Client Library 6.2.0 XXE Injection Vulnerability

Google AdWords API PHP client library versions 6.2.0 and below suffer from an XML eXternal Entity injection vulnerability. ============================================= - Release date: 06.11.2015 - Discovered by: Dawid Golunski - Severity: Medium/High =============================================...

7.5AI score

Exploits0

exploitpack•added 2015/08/13 12:0 a.m.•75 views

Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection

Zend Framework 2.4.2 - PHP FPM XML eXternal Entity Injection ============================================= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161 ============================================= I. VULNERABILITY -------------------------...

6.8CVSS0.1AI score0.09911EPSS

Exploits7

Packet Storm•added 2015/08/13 12:0 a.m.•99 views

Zend Framework 2.4.2 / 1.12.13 XXE Injection

============================================= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161 ============================================= I. VULNERABILITY ------------------------- Zend Framework From http://framework.zend.com/about/ website:...

6.8CVSS0.09911EPSS

Exploits7

Mageia•added 2014/10/29 11:30 a.m.•42 views

Updated zabbix package fixes security vulnerability

It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local...

9.8CVSS8.8AI score0.05303EPSS

Exploits1References5

OSV•added 2014/10/29 11:30 a.m.•4 views

MGASA-2014-0433 Updated zabbix package fixes security vulnerability

9.8CVSS9AI score0.05303EPSS

Exploits1References6