Lucene search
K

494 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:21 a.m.4 views

SUSE CVE-2015-1555

Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, 2.3.x before 2.3.4 allows remote attackers to create valid sessions without using session validators...

9.1CVSS7AI score0.01393EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2023/02/15 5:16 a.m.9 views

SUSE CVE-2015-5161

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS7.1AI score0.09911EPSS
Exploits7References4
SUSE CVE
SUSE CVE
added 2023/02/15 4:54 a.m.5 views

SUSE CVE-2016-10034

The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a " backslash double...

9.8CVSS8AI score0.38438EPSS
Exploits10References4
OSV
OSV
added 2022/05/24 5:7 p.m.19 views

GHSA-5957-5CRX-79JX Zenario CMS vulnerable to CRLF injection

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

6.1CVSS6.4AI score0.01009EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2022/05/24 5:7 p.m.19 views

Zenario CMS vulnerable to CRLF injection

CRLF injection vulnerability in Zend\Mail ZendMail in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...

6.1CVSS7.4AI score0.01009EPSS
Exploits1References6Affected Software3
OSV
OSV
added 2022/05/24 4:59 p.m.23 views

GHSA-V59P-P692-V382 Zend Framework Allows SQL Injection

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter...

9.8CVSS9.9AI score0.01103EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/24 4:59 p.m.21 views

Zend Framework Allows SQL Injection

Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter...

9.8CVSS8.1AI score0.01103EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2022/05/17 5:14 a.m.27 views

GHSA-H5P3-7MG6-HGJ4 Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS9.2AI score0.02519EPSS
Exploits0References9
Github Security Blog
Github Security Blog
added 2022/05/17 5:14 a.m.28 views

Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS7.6AI score0.02519EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/05/17 5:10 a.m.23 views

GHSA-9M5V-VQ4F-MRVF Zend Framework XXE Vulnerability

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

5CVSS9.2AI score0.01705EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/17 5:10 a.m.24 views

Zend Framework XXE Vulnerability

The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via an XML External...

5CVSS7.4AI score0.01705EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/17 5:10 a.m.24 views

GHSA-JH4X-4WMF-67PR Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS9.1AI score0.01848EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/17 5:10 a.m.21 views

Zend Framework XEE Vulnerability

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS7.2AI score0.01848EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2022/05/17 4:56 a.m.25 views

Zend Framework XXE Vulnerability

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

9.1CVSS9.2AI score0.50248EPSS
Exploits1References16Affected Software1
OSV
OSV
added 2022/05/17 3:44 a.m.22 views

GHSA-2HVH-C5C2-VJ85 Zend Framework SQL injection vector using null byte for PDO

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query...

9.8CVSS9.7AI score0.02972EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/17 3:44 a.m.29 views

Zend Framework SQL injection vector using null byte for PDO

The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query...

9.8CVSS8.1AI score0.02972EPSS
Exploits0References8Affected Software1
OSV
OSV
added 2022/05/17 3:16 a.m.29 views

GHSA-XP8P-9RQ5-4WGV ZendXml and Zend Framework contain XXE and XEE Vulnerabilities

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS6.8AI score0.09911EPSS
Exploits7References19
Github Security Blog
Github Security Blog
added 2022/05/17 3:16 a.m.52 views

ZendXml and Zend Framework contain XXE and XEE Vulnerabilities

The ZendXmlSecurity::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity XXE and XML entity expansion XEE...

6.8CVSS6.9AI score0.09911EPSS
Exploits7References20Affected Software3
OSV
OSV
added 2022/05/17 2:41 a.m.15 views

GHSA-GWWQ-54QP-9PGP Zend Framework CSRF Vulnerability

Cross-site request forgery CSRF vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...

8.8CVSS8.8AI score0.00656EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/05/17 2:41 a.m.39 views

Zend Framework CSRF Vulnerability

Cross-site request forgery CSRF vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers...

8.8CVSS7AI score0.00656EPSS
Exploits0References9Affected Software1
Rows per page
Query Builder