30 matches found
Zend-Navigation vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
GHSA-GVPP-6JRJ-5PQC Zend-Form vulnerable to Cross-site Scripting
Many Zend Framework 2 view helpers were using the escapeHtml view helper in order to escape HTML attributes, instead of the more appropriate escapeHtmlAttr. In situations where user data and/or JavaScript is used to seed attributes, this can lead to potential cross site scripting XSS attack...
GHSA-JQ87-2WXP-8349 ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
In Zend Framework 2, Zend\Mvc\Router\Http\Query is used primarily to allow appending query strings to URLs when assembled. However, due to the fact that it captures any query parameters into the RouteMatch, and the fact that RouteMatch parameters are merged with any parent routes, this can lead t...
PT-2024-40459 · Libxml2 +1 · Libxml2 +1
Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, specifically Quadratic Blowup Attacks, which can lead to Denial Of Service attacks against a host's RAM. This is due to the lac...
PT-2024-40416 · Libxml2 +2 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, which can lead to Denial Of Service attacks against a host's RAM. This occurs because there is no current method of disabling...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.10-1.fc23
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.4.8-1.fc21
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 22 Update: php-ZendFramework2-2.4.8-1.fc22
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.8-1.fc23
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.4.7-1.fc21
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 22 Update: php-ZendFramework2-2.4.7-1.fc22
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 23 Update: php-ZendFramework2-2.4.7-1.fc23
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
Zend Framework 2.4.2 / 1.12.13 XXE Injection
============================================= - Release date: 12.08.2015 - Discovered by: Dawid Golunski - Severity: High - CVE-ID: CVE-2015-5161 ============================================= I. VULNERABILITY ------------------------- Zend Framework From http://framework.zend.com/about/ website:...
[SECURITY] Fedora 22 Update: php-ZendFramework2-2.3.8-1.fc22
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.8-1.fc21
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 20 Update: php-ZendFramework2-2.3.8-1.fc20
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...
[SECURITY] Fedora 21 Update: php-ZendFramework2-2.3.7-1.fc21
Zend Framework 2 is an open source framework for developing web applications and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code and utilizes most of the new features of PHP 5.3, namely namespaces, late static binding, lambda functions and closures. Zend Framework 2 evolv...