Lucene search
K

494 matches found

OSV
OSV
added 2013/02/13 5:55 p.m.1 views

UBUNTU-CVE-2012-6531

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS7.5AI score0.02519EPSS
Exploits0References8
Prion
Prion
added 2013/02/13 5:55 p.m.25 views

Xxe

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

6.4CVSS7AI score0.50248EPSS
Exploits1References12Affected Software3
OSV
OSV
added 2013/02/13 5:55 p.m.6 views

UBUNTU-CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

9.1CVSS5.9AI score0.50248EPSS
Exploits1References4
Prion
Prion
added 2013/02/13 5:55 p.m.25 views

Xxe

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

6.4CVSS7.3AI score0.50248EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2013/02/13 5:55 p.m.3 views

UBUNTU-CVE-2012-6532

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS7.3AI score0.01848EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2013/02/13 5:55 p.m.20 views

CVE-2012-6532

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

5CVSS7.2AI score0.01848EPSS
Exploits0References2
Cvelist
Cvelist
added 2013/02/13 5:0 p.m.35 views

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

9.2AI score0.50248EPSS
Exploits1References12
Cvelist
Cvelist
added 2013/02/13 5:0 p.m.30 views

CVE-2012-6532

1 ZendDom, 2 ZendFeed, 3 ZendSoap, and 4 ZendXmlRpc in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 allow remote attackers to cause a denial of service CPU consumption via recursive or circular references in an XML entity definition in an XML DOCTYPE declaration, aka an XML Entity...

9.1AI score0.01848EPSS
Exploits0References2
CVE
CVE
added 2013/02/13 5:0 p.m.76 views

CVE-2012-6532

CVE-2012-6532 affects Zend Framework 1.x: Zend_Dom, Zend_Feed, Zend_Soap, and Zend_XmlRpc before 1.11.13 and 1.12.x before 1.12.0. It allows remote attackers to cause a denial of service via XML Entity Expansion (XEE) caused by recursive or circular references in a DOCTYPE declaration. The vulner...

5CVSS8.9AI score0.01848EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2013/02/13 5:0 p.m.6 views

CVE-2012-3363

ZendXmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 does not properly handle SimpleXMLElement classes, which allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request, aka an XML...

7.2AI score0.50248EPSS
Exploits1References12
Cvelist
Cvelist
added 2013/02/13 5:0 p.m.31 views

CVE-2012-6531

1 ZendDom, 2 ZendFeed, and 3 ZendSoap in Zend Framework 1.x before 1.11.13 and 1.12.x before 1.12.0 do not properly handle SimpleXMLElement classes, which allow remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC...

9.2AI score0.02519EPSS
Exploits0References6
CVE
CVE
added 2013/02/13 5:0 p.m.74 views

CVE-2012-6531

CVE-2012-6531 affects Zend Framework 1.x: Zend_Dom, Zend_Feed, and Zend_Soap (versions before 1.11.13; 1.12.x before 1.12.0) fail to properly handle SimpleXMLElement, enabling remote XXE injection via a DOCTYPE in XML-RPC requests to read files or initiate TCP connections. This is a separate issu...

6.4CVSS9.1AI score0.02519EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2013/02/13 5:0 p.m.205 views

CVE-2012-3363

CVE-2012-3363 : Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before 1.12.0 mishandles SimpleXMLElement classes, enabling remote attackers to read arbitrary files or make TCP connections via an external entity reference in a DOCTYPE element in an XML-RPC request (XXE). This is cause...

9.1CVSS9AI score0.50248EPSS
Exploits1References12Affected Software1
Positive Technologies
Positive Technologies
added 2013/02/13 12:0 a.m.5 views

PT-2013-1601 · Zend · Zend Framework

Name of the Vulnerable Software and Affected Versions: Zend Framework versions 1.x prior to 1.11.12 Zend Framework versions 1.12.x prior to 1.12.0 Description: The issue allows remote attackers to read arbitrary files or create TCP connections via an external entity reference in a DOCTYPE element...

9.1CVSS7.7AI score0.50248EPSS
Exploits1References23
Amazon
Amazon
added 2013/02/04 12:0 a.m.47 views

Medium: php-ZendFramework

Issue Overview: The 1 ZendFeedRss and 2 ZendFeedAtom classes in ZendFeed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service CPU and memory consumption via a...

5CVSS9.7AI score0.01705EPSS
Exploits0
Fedora
Fedora
added 2013/01/20 3:8 a.m.31 views

[SECURITY] Fedora 16 Update: php-ZendFramework-1.12.1-1.fc16

Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorou sly tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and...

5CVSS2.3AI score0.01705EPSS
Exploits0
Fedora
Fedora
added 2013/01/20 3:2 a.m.25 views

[SECURITY] Fedora 18 Update: php-ZendFramework-1.12.1-1.fc18

Extending the art & spirit of PHP, Zend Framework is based on simplicity, object-oriented best practices, corporate friendly licensing, and a rigorou sly tested agile code base. Zend Framework is focused on building more secure, reliable, and modern Web 2.0 applications & web services, and...

5CVSS2.3AI score0.01705EPSS
Exploits0
seebug.org
seebug.org
added 2012/12/21 12:0 a.m.18 views

Zend Framework 'Zend_Feed'组件信息泄露漏洞

BUGTRAQ ID: 56982 Zend Framework ZF 是一个开放源代码的 PHP5 开发框架,可用于来开发 web 程序和服务。 Zend Framework 1.11.15、1.12.1之前版本的ZendFeedRss、ZendFeedAtom类由于使用了不安全的PHP DOM扩展,其"ZendFeed"组件在处理xml数据时存在漏洞,通过发送包含有外部实体引用的特制XML数据,攻击者可利用此漏洞打开任意文件,最终导致了本地文件信息泄露漏洞。 0 Zend Zend Framework 1.11.6 Zend Zend Framework 1.11.4 Zend Ze...

7.2AI score
Exploits0
Friends Of PHP
Friends Of PHP
added 2012/12/18 4:17 p.m.12 views

Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component

More info at https://framework.zend.com/security/advisory/ZF2012-05...

7.2AI score
Exploits0Affected Software1
Tenable Nessus
Tenable Nessus
added 2012/10/17 12:0 a.m.39 views

FreeBSD : Zend Framework -- Multiple vulnerabilities via XXE injection (ec34d0c2-1799-11e2-b4ab-000c29033c32)

The Zend Framework team reports : The XmlRpc package of Zend Framework is vulnerable to XML eXternal Entity Injection attacks both server and client. The SimpleXMLElement class SimpleXML PHP extension is used in an insecure way to parse XML data. External entities can be specified by adding a...

9.1CVSS7.9AI score0.50248EPSS
Exploits1References7
Rows per page
Query Builder