494 matches found
UBUNTU-CVE-2012-6531
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
Xxe
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
UBUNTU-CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
Xxe
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
UBUNTU-CVE-2012-6532
1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...
CVE-2012-6532
1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...
CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
CVE-2012-6532
1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...
CVE-2012-6532
CVE-2012-6532 affects Zend Framework 1.x: Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc before 1.11.13 and 1.12.x before 1.12.0. It allows remote attackers to cause a denial of service via XML Entity Expansion (XEE) caused by recursive or circular references in a DOCTYPE declaration. The vulner...
CVE-2012-3363
ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...
CVE-2012-6531
1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...
CVE-2012-6531
CVE-2012-6531 affects Zend Framework 1.x: Zend_Dom, Zend_Feed, and Zend_Soap (versions before 1.11.13; 1.12.x before 1.12.0) fail to properly handle SimpleXMLElement, enabling remote XXE injection via a DOCTYPE in XML-RPC requests to read files or initiate TCP connections. This is a separate issu...
CVE-2012-3363
CVE-2012-3363 : Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 mishandles SimpleXMLElement classes, enabling remote attackers to read arbitrary files or make TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request (XXE). This is cause...
PT-2013-1601 · Zend · Zend Framework
Name of the Vulnerable Software and Affected Versions: Zend Framework versions 1.x prior to 1.11.12 Zend Framework versions 1.12.x prior to 1.12.0 Description: The issue allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element...
Medium: php-ZendFramework
Issue Overview: The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via a...
[SECURITY] Fedora 16 Update: php-ZendFramework-1.12.1-1.fc16
Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorou sly tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and...
[SECURITY] Fedora 18 Update: php-ZendFramework-1.12.1-1.fc18
Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorou sly tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and...
Zend Framework 'Zend_Feed'组件信息泄露漏洞
BUGTRAQ ID: 56982 Zend Framework ZF 是一个开放源代码的 PHP5 开发框架,可用于来开发 web 程序和服务。 Zend Framework 1.11.15、1.12.1之前版本的ZendFeedRss、ZendFeedAtom类由于使用了不安全的PHP DOM扩展,其"ZendFeed"组件在处理xml数据时存在漏洞,通过发送包含有外部实体引用的特制XML数据,攻击者可利用此漏洞打开任意文件,最终导致了本地文件信息泄露漏洞。 0 Zend Zend Framework 1.11.6 Zend Zend Framework 1.11.4 Zend Ze...
Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component
More info at https://framework.zend.com/security/advisory/ZF2012-05...
FreeBSD : Zend Framework -- Multiple vulnerabilities via XXE injection (ec34d0c2-1799-11e2-b4ab-000c29033c32)
The Zend Framework team reports : The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks both server and client. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a...