494 matches found
Zend Framework Information Disclosure
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key...
GHSA-PM9M-W23Q-5967 Zend Framework Information Disclosure
Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before 2.4.9, and 2.5.x before 2.5.2 allows remote attackers to recover the RSA private key...
Zend Framework Allows SQL Injection
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
Zend Framework Allows SQL Injection
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
GHSA-XFJQ-W3CW-H5FQ Zend Framework Allows SQL Injection
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.20 might allow remote attackers to conduct SQL injection attacks by leveraging failure to remove comments from an SQL statement before validation...
GHSA-P9HP-3GPV-52W3 Zend Framework Allows SQL Injection
The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
GHSA-GP39-H9C2-QW79 Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
GHSA-43XG-87XW-JPV8 Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
GHSA-5WM2-38Q5-5RXV Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
Several Zend Products Vulnerable to XXE and XEE attacks
Zend Framework 1 ZF1 before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendServiceAudioScrobbler, ZendServiceNirvanix, ZendServiceSlideShare, ZendServiceTechnorati, and ZendServiceWindowsAzure before 2.0.2, ZendServiceAmazon before 2.0.3, and ZendServiceAp...
GHSA-F6P5-76FP-M248 URL Rewrite vulnerability in multiple zendframework components
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
URL Rewrite vulnerability in multiple zendframework components
zend-diactoros and, by extension, Expressive, zend-http and, by extension, Zend Framework MVC projects, and zend-feed specifically, its PubSubHubbub sub-component each contain a potential URL rewrite exploit. In each case, marshaling a request URI includes logic that introspects HTTP request...
ownCloud < 5.0.15, 6.0.x < 6.0.2 Multiple Vulnerabilities
ownCloud is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud"; ifdescription...
GHSA-M496-X567-F98C Fixes a bug in Zend Framework's Stream HTTP Wrapper
Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...
Fixes a bug in Zend Framework's Stream HTTP Wrapper
Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...
CVE-2021-21426
Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...
Deserialization of untrusted data
Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...