5 matches found
CVE-2015-3154
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email...
CVE-2016-6233
The (1) order and (2) group methods in Zend_Db_Select in the Zend Framework before 1.12.19 might allow remote attackers to conduct SQL injection attacks via vectors related to use of the character pattern \w in a regular expression...
CVE-2012-5657
The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in Zend Framework 1.11.x before 1.11.15 and 1.12.x before 1.12.1 allow remote attackers to read arbitrary files, send HTTP requests to intranet servers, and possibly cause a denial of service (CPU and memory consumption) via an XML External...
CVE-2009-4417
The shutdown function in the Zend_Log_Writer_Mail class in Zend Framework (ZF) allows context-dependent attackers to send arbitrary e-mail messages to any recipient address via vectors related to "events not yet mailed."...
CVE-2009-4417
The CVE concerns Zend Framework’s Zend_Log_Writer_Mail shutdown function. The affected component is Zend Framework (ZF), specifically Zend_Log_Writer_Mail, where the shutdown() path allows context-dependent attackers to cause arbitrary e-mails to be sent to any recipient via vectors related to “eve...