Lucene search
K

494 matches found

cve
cve
added 2021/04/21 8:15 p.m.100 views

CVE-2021-21426

CVE-2021-21426 relates to Magento-lts (versions <= 19.4.12 and

9.8CVSS9.3AI score0.01203EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2021/04/21 8:15 p.m.36 views

CVE-2021-21426 Fixes a bug in Zend Framework's Stream HTTP Wrapper

Magento-lts is a long-term support alternative to Magento Community Edition CE. In magento-lts versions 19.4.12 and prior and 20.0.8 and prior, there is a vulnerability caused by the unsecured deserialization of an object. A patch in versions 19.4.13 and 20.0.9 was back ported from Zend Framework...

9.8CVSS9.6AI score0.01203EPSS
Exploits0References1
threatpost
threatpost
added 2021/01/19 3:51 p.m.78 views

Linux Devices Under Attack by New FreakOut Malware

Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service DDoS attacks and cryptomining. The malware variant, called FreakOut, has a variety of capabilities. Those include port scanning,...

10CVSS10AI score0.99783EPSS
Exploits16References8
checkpoint_advisories
checkpoint_advisories
added 2021/01/17 12:0 a.m.12 views

Zend Framework Remote Code Execution (CVE-2021-3007)

A remote code execution vulnerability exists in Zend Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

7.5CVSS5.5AI score0.75313EPSS
Exploits3
vulncheck_kev
vulncheck_kev
added 2021/01/14 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS8AI score0.75313EPSS
Exploits3References1
threatpost
threatpost
added 2021/01/05 10:28 p.m.211 views

RCE 'Bug' Found and Disputed in Popular PHP Scripting Framework

Versions of the popular developer tool Zend Framework and its successor Laminas Project can be abused by an attacker to execute remote code on PHP-based websites, if they are running web-based applications that are vulnerable to attack. However, those that maintain Zend Framework emphasize that t...

9.8AI score0.75313EPSS
Exploits3References10
osv
osv
added 2021/01/04 3:15 a.m.10 views

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS9.8AI score
Exploits0References5
nvd
nvd
added 2021/01/04 3:15 a.m.24 views

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS9.8AI score0.75313EPSS
Exploits3References5
prion
prion
added 2021/01/04 3:15 a.m.31 views

Deserialization of untrusted data

DISPUTED Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no...

7.5CVSS9.7AI score0.75313EPSS
Exploits3References5Affected Software2
attackerkb
attackerkb
added 2021/01/04 3:15 a.m.63 views

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

9.8CVSS8.1AI score0.75313EPSS
In wildExploits3References7
cve
cve
added 2021/01/04 2:26 a.m.440 views

CVE-2021-3007

Laminas-http

9.8CVSS9.6AI score0.75313EPSS
In wildExploits3References5Affected Software2
cvelist
cvelist
added 2021/01/04 2:26 a.m.75 views

CVE-2021-3007

Laminas Project laminas-http before 2.14.2, and Zend Framework 3.0.0, has a deserialization vulnerability that can lead to remote code execution if the content is controllable, related to the destruct method of the Zend\Http\Response\Stream class in Stream.php. NOTE: Zend Framework is no longer...

10AI score0.75313EPSS
Exploits3References5
ptsecurity
ptsecurity
added 2021/01/04 12:0 a.m.8 views

PT-2021-18593 · Zend +1 · Zend Framework +1

Name of the Vulnerable Software and Affected Versions: Laminas Project laminas-http versions prior to 2.14.2 Zend Framework version 3.0.0 Description: The issue is related to a deserialization vulnerability that can lead to remote code execution if the content is controllable. This is due to the...

9.8CVSS9.9AI score0.75313EPSS
Exploits3References17
cnnvd
cnnvd
added 2021/01/03 12:0 a.m.9 views

Laminas Project laminas-http and Zend Framework Code Issues Vulnerabilities

ZEND Zend Framework is an open source PHP development framework from ZEND Corporation, which is mainly used for developing web programs and services.Laminas Project laminas-http is an HTTP message and header abstraction and HTTP client implementation of the Laminas Project. A code issue...

9.8CVSS7.8AI score0.75313EPSS
Exploits3References7
nvd
nvd
added 2020/02/17 10:15 p.m.24 views

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

9.8CVSS10AI score0.0255EPSS
Exploits1References4
ubuntucve
ubuntucve
added 2020/02/17 10:15 p.m.27 views

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

9.8CVSS7.5AI score0.0255EPSS
Exploits1References3
prion
prion
added 2020/02/17 10:15 p.m.25 views

Sql injection

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

7.5CVSS8.8AI score0.0255EPSS
Exploits1References4Affected Software3
osv
osv
added 2020/02/17 10:15 p.m.5 views

UBUNTU-CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

9.8CVSS7.7AI score0.0255EPSS
Exploits1References4
cve
cve
added 2020/02/17 9:39 p.m.139 views

CVE-2014-8089

CVE-2014-8089 describes a SQL injection in Zend Framework when using the sqlsrv PHP extension. The vulnerability affects: Zend Framework 1.x up to 1.12.9; 2.2.x before 2.2.8; and 2.3.x before 2.3.3, enabling remote attackers to execute arbitrary SQL commands via a null byte in input. Documents fr...

9.8CVSS9.8AI score0.0255EPSS
Exploits1References4Affected Software1
cvelist
cvelist
added 2020/02/17 9:39 p.m.32 views

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

9.9AI score0.0255EPSS
Exploits1References4
Rows per page
Query Builder