Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ZendZend Framework*

8 matches found

CVE
CVEadded 2017/12/29 2:29 p.m.201 views

CVE-2014-4914

The Zend_Db_Select::order function in Zend Framework before 1.12.7 does not properly handle parentheses, which allows remote attackers to conduct SQL injection attacks via unspecified vectors.

9.8CVSS7.9AI score0.03436EPSS
CVE
CVEadded 2020/02/17 10:15 p.m.122 views

CVE-2014-8089

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte.

9.8CVSS9.8AI score0.01115EPSS
CVE
CVEadded 2020/01/03 5:15 p.m.118 views

CVE-2012-4451

Multiple cross-site scripting (XSS) vulnerabilities in Zend Framework 2.0.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) Debug, (2) Feed\PubSubHubbub, (3) Log\Formatter\Xml, (4) Tag\Cloud\Decorator, (5) Uri, (6) View\Helper\HeadStyle, (7) V...

6.1CVSS6AI score0.01779EPSS
CVE
CVEadded 2019/12/15 10:15 p.m.86 views

CVE-2014-4913

ZF2014-03 has a potential cross site scripting vector in multiple view helpers

6.1CVSS6.1AI score0.00565EPSS
CVE
CVEadded 2020/01/27 4:15 p.m.79 views

CVE-2015-3154

CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.

6.1CVSS6.4AI score0.00274EPSS
CVE
CVEadded 2014/11/16 12:59 a.m.69 views

CVE-2014-2683

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendSer...

5CVSS9.1AI score0.02975EPSS
CVE
CVEadded 2014/11/16 12:59 a.m.68 views

CVE-2014-2682

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendSer...

6.8CVSS9.4AI score0.01826EPSS
CVE
CVEadded 2014/11/16 12:59 a.m.65 views

CVE-2014-2681

Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 and 2.2.x before 2.2.6, ZendOpenId, ZendRest, ZendService_AudioScrobbler, ZendService_Nirvanix, ZendService_SlideShare, ZendService_Technorati, and ZendService_WindowsAzure before 2.0.2, ZendService_Amazon before 2.0.3, and ZendSer...

6.4CVSS9.3AI score0.03452EPSS