494 matches found
PT-2024-40459 · Libxml2 +1 · Libxml2 +1
Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, specifically Quadratic Blowup Attacks, which can lead to Denial Of Service attacks against a host's RAM. This is due to the lac...
PT-2024-40416 · Libxml2 +2 · Libxml2 +2
Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, which can lead to Denial Of Service attacks against a host's RAM. This occurs because there is no current method of disabling...
PT-2024-40236 · Libxml2 +1 · Libxml2 +1
Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns a vulnerability to XML Entity Expansion XEE attacks, specifically Quadratic Blowup Attacks, in software utilizing libxml2. This vulnerability allows for Denial O...
GHSA-26HQ-7286-MG8F Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the...
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the...
PT-2024-40011 · Zend +1 · Zend Framework 1 +1
Name of the Vulnerable Software and Affected Versions: Zend Framework 1 affected versions not specified Magento 1 affected versions not specified Description: The issue allows for remote code execution and is considered critical, although few systems are affected. To be vulnerable, the installati...
Sql Injection
Zend framework is vulnerable to Sql Injection. The vulnerability is due to improper input validation, allowing remote attackers to execute arbitrary SQL commands via a null byte...
GHSA-QH9W-R7G5-Q939 Zend Framework SQL injection vulnerability
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...
Zend Framework SQL injection vulnerability
SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...
Design/Logic Flaw
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function...
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...
CVE-2020-29312
CVE-2020-29312 affects Zend Framework in versions up to 3.1.3 (and before) and is described as allowing a remote attacker to execute arbitrary code via the unserialize function. The connected records corroborate the issue scope (Zend Framework, unserialize-based code execution, deprecated status ...
ZEND Zend Framework 代码问题漏洞
ZEND Zend Framework ZF is a suite of open source PHP development frameworks from ZEND Corporation, USA, which is primarily used for developing web programs and services. A code issue vulnerability exists in Zend Framework version 3.1.3, which stems from allowing remote attackers to execute...
PT-2023-11776
Name of the Vulnerable Software and Affected Versions Zend Framework versions prior to 2.x.x Description The issue allows a remote attacker to execute arbitrary code via the unserialize function. Note that the information about version 3.1.3 has been disputed by third parties as incomplete and...
CVE-2020-29312
An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...
K06430416: Zend Framework vulnerability CVE-2015-7695
Security Advisory Description The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. CVE-2015-7695 Impact There is no impact; F5 products are not affected by this...
K10280318: Zend Framework vulnerability CVE-2016-6233
Security Advisory Description The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression. CVE-2016-6233 Impact There is no impact;...
K79502122: Zend Framework vulnerability CVE-2016-10034
Security Advisory Description The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary...
irontec klear-library chloe SQL注入漏洞
klear-library is a Zend Framework 1 public site external library open source by Irontec. Irontec klear-library chloe has a SQL injection vulnerability , the vulnerability stems from the file Controller/Rest/BaseController.php function prepareWhere has a problem , which will lead to sql injection...