1702 matches found
Ability to enable/disable object support in YAML parsing and dumping
More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...
Ability to enable/disable object support in YAML parsing and dumping
More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...
Ability to enable/disable PHP parsing in Yaml::parse()
More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...
Ability to enable/disable PHP parsing in Yaml::parse()
More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...
Code execution vulnerability via the "internal" routes
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
Potential XML eXternal Entity injection vectors in Zend Framework 1 Zend_Feed component
More info at https://framework.zend.com/security/advisory/ZF2012-05...
code injection in `Wrapper::buildClientWrapperCode` via manipulation of the `$client` argument
security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...
local file access in `Client:send` via manipulation of `$protocol` argument
security fix: hardened the Client::send method against misuse of the $method argument issue 81. Abusing its value, it was possible to force the client to access local files or connect to undesired urls instead of the intended target server's url the one used in the Client constructor. This weakne...
Request::getClientIp() when the trust proxy mode is enabled
More info at https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4...
Request::getClientIp() when the trust proxy mode is enabled
More info at https://symfony.com/blog/security-release-symfony-2-0-19-and-2-1-4...
Vulnerability in the EntityUserProvider as provided in the Doctrine bridge
More info at https://symfony.com/blog/security-release-symfony-2-0-6...
Potential Proxy Injection Vulnerabilities in Multiple Zend Framework 2 Components
More info at https://framework.zend.com/security/advisory/ZF2012-04...
DOS attack in FOSUserBundle login form
More info at https://symfony.com/cve-2013-5750...
Denial of Service vector via XEE injection
More info at https://framework.zend.com/security/advisory/ZF2012-02...
Potential XSS Vectors in Multiple Zend Framework 2 Components
More info at https://framework.zend.com/security/advisory/ZF2012-03...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Security fixes related to the way XML is handled
More info at https://symfony.com/blog/security-release-symfony-2-0-17-released...
Local file disclosure via XXE injection in Zend_XmlRpc
More info at https://framework.zend.com/security/advisory/ZF2012-01...
Fixes a security issue where the session could be hijacked
Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...
Fixed the user refreshing to check the identity by primary key instead of username
Changelog ========= 4.1.0 2026-02-13 Convert XML config files to other formats to fix the deprecation of XML config files in Symfony Add PHP routing files alongside the XML ones. Loading the XML routing files triggers a deprecation in Symfony 7.4. Fix deprecation in the UserChecker Fix the...
Potential XSS in Development Environment Error View Script
More info at https://framework.zend.com/security/advisory/ZF2011-01...
Insecure Unserialize Vulnerability in FLOW3
More info at https://www.neos.io/blog/flow-sa-2012-001.html...
Insecure Unserialize Vulnerability in FLOW3
More info at https://www.neos.io/blog/flow-sa-2012-001.html...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
Routes behind a firewall are accessible even when not logged in
More info at https://symfony.com/blog/security-release-symfony-2-0-20-and-2-1-5-released...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...
XML decoding attack vector through external entities
More info at https://symfony.com/blog/security-release-symfony-2-0-11-released...
SQL injection possibility
More info at https://www.doctrine-project.org/blog/doctrine-security-fix.html...
SQL injection possibility
More info at https://www.doctrine-project.org/blog/dbal-security-2011-1.html...
Potential SQL Injection Vector When Using PDO_MySql
More info at https://framework.zend.com/security/advisory/ZF2011-02...
XSS vulnerability exploitable on Internet Explorer
More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...
XSS vulnerability exploitable on Internet Explorer
More info at http://htmlpurifier.org/news/2010/0531-4.1.1-released...
Multiple XSS vulnerabilities exploitable on Internet Explorer
More info at http://htmlpurifier.org/security/2010/css-quoting...
Potential Security Issues in Bundled Dojo Library
More info at https://framework.zend.com/security/advisory/ZF2010-07...
Potential Security Issues in Bundled Dojo Library
More info at https://framework.zend.com/security/advisory/ZF2010-06...
Potential XSS vector in Zend_Filter_StripTags when comments allowed
More info at https://framework.zend.com/security/advisory/ZF2010-03...
Potential XSS vector in Zend_Service_ReCaptcha_MailHide
More info at https://framework.zend.com/security/advisory/ZF2010-05...
Potential XSS vectors due to inconsistent encodings
More info at https://framework.zend.com/security/advisory/ZF2010-01...
Potential XSS vector in Zend_Dojo_View_Helper_Editor
More info at https://framework.zend.com/security/advisory/ZF2010-02...
XSS vector in Zend_Filter_StripTags
More info at https://framework.zend.com/security/advisory/ZF2009-02...
LFI vector in Zend_View::setScriptPath() and render()
More info at https://framework.zend.com/security/advisory/ZF2009-01...
Filter input to avoid XPath injection
In order to avoid XPath injection, user input must be filtered before it ends up in the query. Unfortunately, there's no way to do this with a standard method in PHP, so we need our own filtering function. Current best practice recommends using white lists instead of black lists to allow only a...
PHP Code Injection
phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...
PHP Code Injection
phpWhois PHP Code Injection\nVulnerability Overview\nphpWhois and some of its forks in versions before 5.1.0 are prone to a\ncode injection vulnerability due to insufficient sanitization of returned\nWHOIS data. This allows attackers controlling the WHOIS information of a\nrequested domain to...
Padding Oracle Vulnerability in RSA Encryption
Hi, https://github.com/pagarme/pagarme-php/blob/master/lib/Pagarme/CardHashCommon.php This class has a confusing name. CardHash implies a cryptographic hash e.g. SHA256 is being used, but you're encrypting with RSA. Interestingly, you're not specifying the padding client-side, so you're encryptin...