Lucene search
K

494 matches found

Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-40459 · Libxml2 +1 · Libxml2 +1

Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, specifically Quadratic Blowup Attacks, which can lead to Denial Of Service attacks against a host's RAM. This is due to the lac...

7.5CVSS6.9AI score
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.5 views

PT-2024-40416 · Libxml2 +2 · Libxml2 +2

Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns XML Entity Expansion XEE attacks, which can lead to Denial Of Service attacks against a host's RAM. This occurs because there is no current method of disabling...

7.5CVSS7AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.4 views

PT-2024-40236 · Libxml2 +1 · Libxml2 +1

Name of the Vulnerable Software and Affected Versions: Zend Framework 2 affected versions not specified Description: The issue concerns a vulnerability to XML Entity Expansion XEE attacks, specifically Quadratic Blowup Attacks, in software utilizing libxml2. This vulnerability allows for Denial O...

7.5CVSS6.9AI score
Exploits0References5
OSV
OSV
added 2024/05/15 10:33 p.m.12 views

GHSA-26HQ-7286-MG8F Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability

Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the...

7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/05/15 10:33 p.m.13 views

Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability

Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well. Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the...

7.3AI score
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.5 views

PT-2024-40011 · Zend +1 · Zend Framework 1 +1

Name of the Vulnerable Software and Affected Versions: Zend Framework 1 affected versions not specified Magento 1 affected versions not specified Description: The issue allows for remote code execution and is considered critical, although few systems are affected. To be vulnerable, the installati...

7.9AI score
Exploits0References4
Veracode
Veracode
added 2024/04/26 12:28 p.m.26 views

Sql Injection

Zend framework is vulnerable to Sql Injection. The vulnerability is due to improper input validation, allowing remote attackers to execute arbitrary SQL commands via a null byte...

9.8CVSS8AI score0.0255EPSS
Exploits1References9Affected Software3
OSV
OSV
added 2024/04/23 10:39 p.m.28 views

GHSA-QH9W-R7G5-Q939 Zend Framework SQL injection vulnerability

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

9.8CVSS9.8AI score0.0255EPSS
Exploits1References9
Github Security Blog
Github Security Blog
added 2024/04/23 10:39 p.m.28 views

Zend Framework SQL injection vulnerability

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

9.8CVSS8.5AI score0.0255EPSS
Exploits1References10Affected Software3
OSV
OSV
added 2023/04/04 3:15 p.m.3 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

9.8CVSS6.1AI score0.01256EPSS
Exploits0References3
Prion
Prion
added 2023/04/04 3:15 p.m.21 views

Design/Logic Flaw

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function...

7.5CVSS9.6AI score0.01256EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2023/04/04 12:0 a.m.27 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

9.8AI score0.01256EPSS
Exploits0References2
CVE
CVE
added 2023/04/04 12:0 a.m.72 views

CVE-2020-29312

CVE-2020-29312 affects Zend Framework in versions up to 3.1.3 (and before) and is described as allowing a remote attacker to execute arbitrary code via the unserialize function. The connected records corroborate the issue scope (Zend Framework, unserialize-based code execution, deprecated status ...

9.8CVSS9.7AI score0.01256EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/04/04 12:0 a.m.6 views

ZEND Zend Framework 代码问题漏洞

ZEND Zend Framework ZF is a suite of open source PHP development frameworks from ZEND Corporation, USA, which is primarily used for developing web programs and services. A code issue vulnerability exists in Zend Framework version 3.1.3, which stems from allowing remote attackers to execute...

9.8CVSS9.1AI score0.01256EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/04 12:0 a.m.4 views

PT-2023-11776

Name of the Vulnerable Software and Affected Versions Zend Framework versions prior to 2.x.x Description The issue allows a remote attacker to execute arbitrary code via the unserialize function. Note that the information about version 3.1.3 has been disputed by third parties as incomplete and...

9.8CVSS7.5AI score0.01256EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2023/04/04 12:0 a.m.10 views

CVE-2020-29312

An issue found in Zend Framework v.3.1.3 and before allow a remote attacker to execute arbitrary code via the unserialize function. Note: This has been disputed by third parties as incomplete and incorrect. The framework does not have a version that surpasses 2.x.x and was deprecated in early 202...

8AI score0.01256EPSS
Exploits0References2
F5 Networks
F5 Networks
added 2023/02/21 8:0 p.m.29 views

K06430416: Zend Framework vulnerability CVE-2015-7695

Security Advisory Description The PDO adapters in Zend Framework before 1.12.16 do not filer null bytes in SQL statements, which allows remote attackers to execute arbitrary SQL commands via a crafted query. CVE-2015-7695 Impact There is no impact; F5 products are not affected by this...

9.8CVSS9.7AI score0.02972EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.29 views

K10280318: Zend Framework vulnerability CVE-2016-6233

Security Advisory Description The 1 order and 2 group methods in ZendDbSelect in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression. CVE-2016-6233 Impact There is no impact;...

9.8CVSS9.6AI score0.02047EPSS
Exploits1
F5 Networks
F5 Networks
added 2023/02/21 6:34 p.m.60 views

K79502122: Zend Framework vulnerability CVE-2016-10034

Security Advisory Description The setFrom function in the Sendmail adapter in the zend-mail component before 2.4.11, 2.5.x, 2.6.x, and 2.7.x before 2.7.2, and Zend Framework before 2.4.11 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary...

9.8CVSS9.6AI score0.38438EPSS
Exploits10
CNNVD
CNNVD
added 2023/02/21 12:0 a.m.6 views

irontec klear-library chloe SQL注入漏洞

klear-library is a Zend Framework 1 public site external library open source by Irontec. Irontec klear-library chloe has a SQL injection vulnerability , the vulnerability stems from the file Controller/Rest/BaseController.php function prepareWhere has a problem , which will lead to sql injection...

9.8CVSS6.3AI score0.00691EPSS
Exploits0References5
Rows per page
Query Builder